General

  • Target: Контекстное меню.zip
  • Size: 1.1MB
  • Sample: 240529-t2nfrscc77
  • MD5: e8c6d44edd23d9b49dae89442230baf7
  • SHA1: 0e8c69e88c1ea07d4125cbae41f7c65242508210
  • SHA256: fb0e1a5a8ce0287140caa53c632cde2d111014e14b7f42b8fae5b287aaa3736b
  • SHA512: 694c48bd7054cd7e0270867061a5add9e29f8bac8126deabfd29c6097a7c139d5ba33ef58b6ee2551eff1a602b57fa5fec43861d31aa0257e0fbfd06089debb9
  • SSDEEP: 24576:SXtaYy5rbOkuFG2vRNzAmFbSDm+eMGPxpzRII8Z4EyFg7Ix:XYy5rJkvRNzAmUSqU+IaMg7u

Score: 10/10

Malware Config

Targets

    • Target: MENU.bat
    • Size: 183KB
    • MD5: 7d5957e6a5bb4c3ca187deea5ae7ccb6
    • SHA1: 8ab3d729aa3a4b8b65bc7c55c20584f7f051c08d
    • SHA256: 5fc67423b7525b9daf0c2cbd454206e2db1ca167c8fd6b8e390caae8797a6352
    • SHA512: 782a687c23c5ff9c1472ba88a8e4f2bc9f2e6b268c4286eb7581e95cd42f00cf9761b025027773edef849fad542fdbb986c96b46489811c9441106e308310730
    • SSDEEP: 3072:mA/9obuPb1dhnWpGy+9l1NRldjayM4m1EPBPbuE1m7:LFobuPb1yR+9l1NRldjbM4m1EZPbuE1G

    Score: 7/10
    • UPX packed file: detects executables packed with the UPX or a modified UPX open-source packer.

    • Target: Work/RegToScript.exe
    • Size: 941KB
    • MD5: 86ff97b1873b136a0ca5e6409f4760bc
    • SHA1: 72e3c177e8f6de279bbac981eb4229fced7baf2b
    • SHA256: ff14c17e3e380f4557b413f8a77fa40c8404a40a94d4719c0b33af2f58bd0a95
    • SHA512: 736473b2953394ae9de6f031c3c08438d2dff48c83e0c1892d086151968a7ef17af1069c2e115f7cd9d6272825c1ee84bc6aaeaa469507863debabb44108e06b
    • SSDEEP: 24576:yfTkD0E003ubc2MRgCmP/ZwIDzq+Iha5a0HhI:GG00SSgCmP/ZwYj48a0B

    Score: 1/10
    • Target: Work/RestExplorer.exe
    • Size: 806KB
    • MD5: ac75bde2b70097ca86e16987bf387857
    • SHA1: 06e72123132e1ef58f7b7ea3c8e65cb75062e6d6
    • SHA256: ec890a669da3c53b73ca83ec0c267fa0dcf1ad428feb829a3422ebc36bc1841f
    • SHA512: f4994e8e5a807caa254e73e9796d61bcea204f0aa80cc391bccddbf28478f738c1d4f095518196a9b152654596beb184b36507ffcf434407d78ad1c3e43b96a0
    • SSDEEP: 12288:v69zDWz/xwNqdsbrIX3JALF1QbCagrEGgtNryyCJuDT/PNa04YQtHyw4AR6SPWc:v2DW/xbmX2YIb+Qsu3/PNLDQtHyZiP3

    Score: 8/10
    • Modifies Installed Components in the registry
    • Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.

    • Target: Work/SoundChanger.exe
    • Size: 226KB
    • MD5: 85c6cb4b878b49c4f73abd6316b58230
    • SHA1: 2a3e616b036819035bbfe4e0a2dc49c82449a314
    • SHA256: 7987fd74868b355632df577b9d18d449f696b2a96ea7633cae35cd07c600a588
    • SHA512: fc269c2f16b0adcdbcf5d5b2ac55ba079d46b6801508d5db82a7adf5085b9e11024dfe745d416c7fc5e09b05d057cdae8589891965b6534bcd07f8ecc8dfc606
    • SSDEEP: 6144:nt5hBPi0BW69hd1MMdxPe9N9uA069TBnFuCndEJA:ntzww69T9FTWq

    Score: 7/10
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: Work/TrInstaller.exe
    • Size: 89KB
    • MD5: 28060f18f05f730ded91d9bde00ae438
    • SHA1: d334a9f148b332df47e467f8a09e3ad97c3eb616
    • SHA256: f7331de17aac3cfcb855d72571368c3d563556f68f9e138956fc8179ce3bc19b
    • SHA512: c7e3d5620681b4f13e99205f3c2243cf3db7f133fa2b638e2002b090cf2abd024a0a742d4f3f5489026c98cd27261cdeb255fdcd62662c4a8aa48db81c506e31
    • SSDEEP: 1536:GqqBNbySepJy3PNRi7iYgnD3OtQDUNUd/+9d:VzvA3P3i7Pw+ts98d

    Score: 1/10
    • Target: Work/cecho.exe
    • Size: 25KB
    • MD5: e783bc59d0ed6cfbd8891f94ae23d1b3
    • SHA1: 47fe9045da4b1be2a52d80c0b3cf790e04d29108
    • SHA256: 5c1211559dda10592cfedd57681f18f4a702410816d36eda95aee6c74e3c6a47
    • SHA512: d09fc6574359a5df8885b035a8d05c4743d58f56fee3ffc2cc4fd7c3beec93c8994cd1f296b99a2f0f17b13ec7b03415912f49e13f5d1541839878f6bc498020
    • SSDEEP: 384:KwoPn3OgrkyDyjNKA7DY+kRKzRq92/A2Yo8SKwRS0JSqRdmMOOI1Kz+ge+u0GgfT:tofFhw9NkRKFqIA4Q0ndmMI15glZBf

    Score: 7/10
    • UPX packed file: detects executables packed with the UPX or a modified UPX open-source packer.

    • Target: Work/explorer.exe.mui
    • Size: 14KB
    • MD5: 3938fd28a440a591963d139b29ac4a64
    • SHA1: cfbbae54795d6899a71d99c8c468fbc01bd2956b
    • SHA256: f6913d22dbb63439374a3bc7938f3b0349da2056b81f82f6f058aae515537c86
    • SHA512: 8a4dadbcefd3b6d6ada18e150eb6204ae72ab1955f7478cd06341dd7b231b791fee9b9fd2cc4db3d055577ad1b58eee4481c28479103900ad22e3fe1b595774d
    • SSDEEP: 96:i8RL6t6v0BP5c45wCwCNZH6FTHk+vxji0nFGCSoltGpisiDp/VApzvmfe8zlfORG:AtZJN2FTHJ34KO2fWB4N

    Score: 1/10
    • Target: Work/nircmd.exe
    • Size: 116KB
    • MD5: 5ed4728caa339c2a7479102f0c04c087
    • SHA1: 20cd453fcac9d9960b0076715d985a55784a6b53
    • SHA256: 7160db2b7a6680480e64f0845512d203a575f807831faf9a652aaef0988f876c
    • SHA512: a521eac0d54fbfb9726fad3fafcd7779d455ca46e065a3eafc1a7883961b061550bab8e93ce576904b6c6b2d25cf129ff3d2437ed26a6033ac7c0b4c628dc865
    • SSDEEP: 3072:WG0YiclG1aM2F3W07EBxp+wrppp8pKZOijA81fBRHwHlAqzPWKwv:hiclGwI07580l5WJv

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks