General

  • Target

    modest-menu_v1.0.0_unknowncheats.me__unknowncheats.me_.zip

  • Size

    16.8MB

  • Sample

    240522-zh2ryaga56

  • MD5

    13b33baf9597ae6ddc68fa9634af16f1

  • SHA1

    57f3a723634ec00b4f09d066bc0607084cc4b6e5

  • SHA256

    75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45

  • SHA512

    ed38d6150cbeae60451b74ae50af1bbbaf035924fdd266cf8a8fc8b84fe403dcb689185d1a9b5db048f1c11106a1a655d14d4833c7593512c5661d4c587a2e1c

  • SSDEEP

    393216:L4fEsf5x2pN6HtduMm1hfs9mosX3jtV6sEgmOnCcgXPzhEgM1lpOmi:LaEsX2ONdF3sn39ESnh6hQXW

Targets

    • Target

      modest-menu_v1.0.0_unknowncheats.me__unknowncheats.me_.zip

    • Size

      16.8MB

    • MD5

      13b33baf9597ae6ddc68fa9634af16f1

    • SHA1

      57f3a723634ec00b4f09d066bc0607084cc4b6e5

    • SHA256

      75a3295f8c688359fcb7555b80e3f71ee42c5ac1d4525a39b2571107acf06a45

    • SHA512

      ed38d6150cbeae60451b74ae50af1bbbaf035924fdd266cf8a8fc8b84fe403dcb689185d1a9b5db048f1c11106a1a655d14d4833c7593512c5661d4c587a2e1c

    • SSDEEP

      393216:L4fEsf5x2pN6HtduMm1hfs9mosX3jtV6sEgmOnCcgXPzhEgM1lpOmi:LaEsX2ONdF3sn39ESnh6hQXW

    Score: 9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      config.json

    • Size

      3KB

    • MD5

      3bea77ef233e2e32636ba889ceb489e3

    • SHA1

      6a0a6be2e24cd5497fbf0298e244234716f5419a

    • SHA256

      a8732f591cbed2b2ab923236d22948f10cb7c4011d6a1018be2fe3c8e8fbf5f2

    • SHA512

      c924567c6c683b90b6dd31af7e976a8222d164c99137b38149ef79d4a1222b35c8bdfef155ee071e66c38b1601f3868c22c30d477fbc5f2dcd7599cd7f4be707

    Score: 3/10

    • Target

      modest-menu.exe

    • Size

      16.9MB

    • MD5

      ce03d8db32b901caba01fa8b1beefe54

    • SHA1

      76377cea7317bd28af0ccaab276bd49360936a9d

    • SHA256

      a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4

    • SHA512

      40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca

    • SSDEEP

      393216:YwOMvc42XGU57JO0OTOUbHvnqdLNZHgbATTT9:Yeh2Xb1Ra4LNibATv

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      scripts/Readme.api

    • Size

      24KB

    • MD5

      36754844e4b9d76b810066b529af0e5b

    • SHA1

      da8c4031d42ae41a796b409d525883b71c23bd0f

    • SHA256

      668a8e8430485417796ea563eb97fd366fdaa2f7fc6769bf5a18626f19aef1f6

    • SHA512

      5e0eba72a25c4d8f9727bf4ec2f3ae7dacd71b34df710bb7daf41c5f3dc6ca08473de783580d0b2982831f93394dcac485c9980f46af6973af96aeb03e9de659

    • SSDEEP

      192:qNzc4v05Feq0hHBjBCpGjem0uezAsNpGlbWXxX5IS+wwSgU0FXxZujFS+JraytK2:h5ChWGjemBZWXxX5MO0FrujPJreOi4

    Score: 3/10

    • Target

      scripts/demo.lua

    • Size

      429B

    • MD5

      a0cdff1f4eaf5af121513b9885295341

    • SHA1

      e40fc44c5b82a8c02e7248c8b104c0f8abdc4f97

    • SHA256

      f2b354df9b4d661f6227132c39937b8f706626886cdcf65540ebc5b78f55f6ea

    • SHA512

      1bf19f211a11c6b88ca9583ff20c1c8ed3e14f8f7ff68622a37c5c151ef2473e41bfd2b503bcc99f6e6e3f79b6845678cecfd3e23406353f35883fbf9b2beecd

    Score: 3/10

    • Target

      scripts/menu.lua

    • Size

      1KB

    • MD5

      9596bef3ecd38e99364eb58e56cd49be

    • SHA1

      676b733db5bb30bdb7824024a1c2fc045a27b4f1

    • SHA256

      4a7d7886622501f6b6728a0e9860fe81a1c90fd0e5f2fbe7ff94524e05e0b6b8

    • SHA512

      f2d1b11964181b3017f12f381bc241688f18efb3901acd6697ce0ba462693ac947e1d576d88de08b8e8798680cc4e640c5ec1aa4b2a0f4ad6739904f48ce7665

    Score: 3/10

    • Target

      scripts/sirius.lua.example

    • Size

      468B

    • MD5

      1fdd7bce4f24c51ec8267d7fe65b265e

    • SHA1

      4f247776830fb30cf816f227f13d3645b8d3aa6d

    • SHA256

      d331a1344d7354019fdeb564a21f95f85f26458f91aa93d7af58affa9728cb1d

    • SHA512

      4bf9c85600dcab2ff532ef5f459c270d3197ea5a9d46677b4f7f1e0d2e3b3454bc5ba1f64bcb732448cbe37a71a2112511f46166ec4ba0f3db1ca14d4f685bb4

    Score: 3/10

    • Target

      scripts/vehicle.lua

    • Size

      306B

    • MD5

      1eceb52600b875b85a169687fb62ed1e

    • SHA1

      2d13ed39f1d757af9a5d07790065cc8c00c4984b

    • SHA256

      0cddccf554633f15fbc453cd0080469c3806d7bd13824f68e3a1ee0cfb2da20b

    • SHA512

      23baa825d5c3dfb66d1582ce6332bee8272f345742ba50977c0622c7be4fb6b9b921b473a424a2453df3cbc0ff0b473cf7897955fe09a4fd7a10d0df2ef2188b

    Score: 3/10

    • Target

      scripts/weapon.lua

    • Size

      277B

    • MD5

      402a9279c76afb2c5977cf97d270c3d1

    • SHA1

      4cd6474f3cbf9c3ca26277d5691460e8744aae59

    • SHA256

      20d2e8d52504c96dcb846b08da138418048ed3b58128b05ddf1bde09694c5c14

    • SHA512

      7357aff15e11de58da79a4eaa603c5ad7fb16ec426e71358e87dd14862d19c44b80896c0e66766479978bb0ba88704457b5356f9f86f6f4af41a39c52ffa45db

    Score: 3/10

    • Target

      themes.json

    • Size

      2KB

    • MD5

      ecc97a512f2bee4c4344a7a4126b5a5b

    • SHA1

      73cd4d3e586b17d307decebd1ba8bea105977e29

    • SHA256

      b5eeb2b5d8656f0399220039f15e50c2566bf13124681f67c65f8b042d8fdc4c

    • SHA512

      4d411ea0b3c67f2b38034fc9c1491dca070801e6521cc7cd8cdf91e2343a7caa7861313445e3d53cbe8dc8f64a0ce8169b191a054536c186dc2d1dcfba25bd18

    Score: 3/10
