Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

trichlorom...te.bat

windows7-x64

1

trichlorom...te.bat

windows10-2004-x64

1

trichlorom...DL.dll

windows7-x64

1

trichlorom...DL.dll

windows10-2004-x64

1

trichlorom...-4.dll

windows7-x64

3

trichlorom...-4.dll

windows10-2004-x64

3

trichlorom...mu.exe

windows7-x64

1

trichlorom...mu.exe

windows10-2004-x64

1

trichlorom...ss.exe

windows7-x64

1

trichlorom...ss.exe

windows10-2004-x64

1

trichlorom...sm.exe

windows7-x64

1

trichlorom...sm.exe

windows10-2004-x64

1

trichlorom...in.exe

windows7-x64

7

trichlorom...in.exe

windows10-2004-x64

7

trichlorom...bin.py

windows7-x64

3

trichlorom...bin.py

windows10-2004-x64

3

trichlorom...ne.exe

windows7-x64

8

trichlorom...ne.exe

windows10-2004-x64

8

trichlorom...ty.exe

windows7-x64

1

trichlorom...ty.exe

windows10-2004-x64

1

trichloromethane.exe

windows7-x64

8

trichloromethane.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    trichloromethane.exe-Malware-main.zip

  • Size

    11.9MB

  • Sample

    240619-t6mp2aycjj

  • MD5

    88ba7d3e553c95040252de9fcec8027d

  • SHA1

    e2cc3d76ef55615b42a0f0308e1c930e69335e32

  • SHA256

    212689dd6b767a3b00e39654a03b3b8df7d50fdfbb00b139c7a697e4bdf1b6a6

  • SHA512

    2b0eab77d77b9bb22c539ba433cef77ccc04c22da7f088644bb63256882a62ecb4c1ddf2474b467e5b338c1bb7a56cc9468cb634d27d49caca9def38e2ec53dd

  • SSDEEP

    196608:Db8NzEUevvfumu9myPyFIRx9czsykV7O9QbbYXbYRqhl6YAzi1ow0vAGrT8AtK5P:Db8NbeHfuhyFI3qd6xMeegeP0nX8AILV

Score
8/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      trichloromethane.exe-Malware-main/trichloromethane-safety.exe

    • Size

      83KB

    • MD5

      1453f56916c0ea96b9ba5b49f09757e2

    • SHA1

      3e25edc13b69e5db4769f061f586e42b812996bf

    • SHA256

      da79e0317881f0600ddaddf593184b1e7d6eb54604de089e4d625741e21c004b

    • SHA512

      37febf9c7bd3f35b45de356e8dc92a9bd5e065471669cb9afdb7048308df0c852b3cbfc5f2a3cab2887d67c9dab4f2fb2bb21ee9de42d13b700784367d1f8ca6

    • SSDEEP

      1536:X5RkE0HODVj5XVgyi31RRzuo3tpwOcr2zS5KTV8yYJcsWrcd6/MAedu:X590HODVViFRRz3dpxe2zSwTXoj6/Mz0

    Score
    1/10
    behavioral1behavioral2

    • Target

      trichloromethane.exe-Malware-main/trichloromethane-safety/Release/trichloromethane-safety.exe

    • Size

      83KB

    • MD5

      1453f56916c0ea96b9ba5b49f09757e2

    • SHA1

      3e25edc13b69e5db4769f061f586e42b812996bf

    • SHA256

      da79e0317881f0600ddaddf593184b1e7d6eb54604de089e4d625741e21c004b

    • SHA512

      37febf9c7bd3f35b45de356e8dc92a9bd5e065471669cb9afdb7048308df0c852b3cbfc5f2a3cab2887d67c9dab4f2fb2bb21ee9de42d13b700784367d1f8ca6

    • SSDEEP

      1536:X5RkE0HODVj5XVgyi31RRzuo3tpwOcr2zS5KTV8yYJcsWrcd6/MAedu:X590HODVViFRRz3dpxe2zSwTXoj6/Mz0

    Score
    1/10
    behavioral3behavioral4

    • Target

      trichloromethane.exe-Malware-main/trichloromethane.exe

    • Size

      120KB

    • MD5

      5e8ce90547acca8bd050fccb885558a2

    • SHA1

      a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

    • SHA256

      2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

    • SHA512

      ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

    • SSDEEP

      3072:87Vs+B4vSgLkgjIldksHYfYjbyKK03T9zqKyM:24vSuKXHtl

    Score
    8/10
    bootkitevasionpersistence

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      trichloromethane-safety.exe

    • Size

      83KB

    • MD5

      1453f56916c0ea96b9ba5b49f09757e2

    • SHA1

      3e25edc13b69e5db4769f061f586e42b812996bf

    • SHA256

      da79e0317881f0600ddaddf593184b1e7d6eb54604de089e4d625741e21c004b

    • SHA512

      37febf9c7bd3f35b45de356e8dc92a9bd5e065471669cb9afdb7048308df0c852b3cbfc5f2a3cab2887d67c9dab4f2fb2bb21ee9de42d13b700784367d1f8ca6

    • SSDEEP

      1536:X5RkE0HODVj5XVgyi31RRzuo3tpwOcr2zS5KTV8yYJcsWrcd6/MAedu:X590HODVViFRRz3dpxe2zSwTXoj6/Mz0

    Score
    1/10
    behavioral7behavioral8

    • Target

      trichloromethane.exe

    • Size

      120KB

    • MD5

      5e8ce90547acca8bd050fccb885558a2

    • SHA1

      a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

    • SHA256

      2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

    • SHA512

      ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

    • SSDEEP

      3072:87Vs+B4vSgLkgjIldksHYfYjbyKK03T9zqKyM:24vSuKXHtl

    Score
    8/10
    bootkitevasionpersistence

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral10behavioral9

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Create.bat

    • Size

      397B

    • MD5

      61e988b23f22b1c21626df02ca92b010

    • SHA1

      bd60038f968325dbe556f583d0ae7ea306c6d332

    • SHA256

      05a3a4faa2422e5d923439f6bafb331e0c1a2a2a334f376bdda6a49feef90e09

    • SHA512

      cbc564bd2af5b901cacb2114ab26a4dce12575a3e6a2fb20547adfef0605b2481020faa9837556fcec3fbecee146ce373905535f58c86a8f1d81e624574b2538

    Score
    1/10
    behavioral11behavioral12

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/QEMU/SDL.dll

    • Size

      1.0MB

    • MD5

      cea03998e710dc5bfc4954cde440333d

    • SHA1

      a6490955fa171fd85a6e64d06642e129493c7ba4

    • SHA256

      0cce4795789a49c433d7f9d1ce7663f265f948f672ebde5fec41f2447fcd8741

    • SHA512

      c2aa76413fa9526abad2a3a61f3d0595027df32bcb7e0005a654625a7c894f386563d277ccda89d6eb96fdb869d262252927cfdf764c26c2dfd5cc966d23cfa3

    • SSDEEP

      12288:lFqs6ZgPvI6bw3uJwV/MRb2F6t1YAG7S86OIYO8iJghIQoXk6MEgw4u8XcQexssC:lFqs6gvIgoYSF6vE7CwoQ6LwUGdL

    Score
    1/10
    behavioral13behavioral14

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/QEMU/libcurl-4.dll

    • Size

      295KB

    • MD5

      baae54b1157b4c9587cceb4680b13da5

    • SHA1

      939642b482d3e7697cec88d11aebc07bb076c2d1

    • SHA256

      cde6e2b58641afd108ae2606337a71775021127a6109d6d64eadb056ca4598b7

    • SHA512

      433f411f740bb2978a47776fa856874717531985ca3bfbf17cb2f6d1e106585132a7a90ef7b803a10f1293aaad63f2264ee8a8aea2806593d6944e189e0ff813

    • SSDEEP

      6144:wK0GMvBI/QtKUbp9pDKRCzKuGpHTBI9yAR17rRH:wKEvB7Ke9pDXgHTdm7dH

    Score
    3/10
    behavioral15behavioral16

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/QEMU/qemu.exe

    • Size

      2.5MB

    • MD5

      98dfea60ecff618c2940823119a279b4

    • SHA1

      aab26cb098fdb76a4643044f494d9b09a7796038

    • SHA256

      fa2255e47506aa291b59f003b298b98b4ab50b4138a0be87fcbdc5a90696b9bc

    • SHA512

      306d9a66a0209d4c805fafbfbff88a9788574ab4999956fd03cda784a67b8dab2fb5d02ca0a7bdf269c7efc1e4564c0bd2f2e1c610ddf54b401c89e705d8613d

    • SSDEEP

      49152:mH1QTnKjzdXskm4AwiiBfFS28OSNI6EsGC+T:mSLKjRXskmPwLBfFGOSNhEsGC

    Score
    1/10
    behavioral17behavioral18

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/compress.exe

    • Size

      50KB

    • MD5

      884e43a197998dfeac6865c525321935

    • SHA1

      32c27b036332e795fbe1060bcb43fe84468e423b

    • SHA256

      abccc981147d5f9b43463e0f9ec6b7f168b7444626048c6c6a1c4dd7f8137096

    • SHA512

      558d587ec0d0f07555d13d9d3262dcfdd5c344d735a2b5220356554467f255c42345b2b2443ea373537a9c4098c66ad0368fb8b2c62dd1922308276df5a3775e

    • SSDEEP

      768:K4u2i8xCuM5AFEApuz7WHLeEA6vyFuu8A5U:ru0MApuereN6j

    Score
    1/10
    behavioral19behavioral20

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/nasm.exe

    • Size

      1.2MB

    • MD5

      288f2be6334f4ea09abf3209166f9ac1

    • SHA1

      c6c613aea50ee2f51518b2e5e0e1041ee101beb5

    • SHA256

      442f6f984804c2e08c151f5565c2fdddda3a899d8e380512f271a3edbbf34cb4

    • SHA512

      470ad18548d290bfbe4de768258ac6fc0863d28f4ad5bd8d169cff0d84f1326fb33351c5549c8f888258a7226ad8701ec2d913a8de300a96333403d60a510baa

    • SSDEEP

      12288:dzMVtmYR2GGsxc7rjzWzzEqGc3I/Iga5/:dQCYEGGsxcvjzWX5/

    Score
    1/10
    behavioral21behavioral22

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/png2bin.exe

    • Size

      8.5MB

    • MD5

      c6f98ceec41c080120ebd6121fab72a1

    • SHA1

      d4e06fafc5807055acccad44bf31031f765868f7

    • SHA256

      b6f3a0a6345932dca7df51b7cd7ec56d9c4fee9217772c4fd3efd8a37547a413

    • SHA512

      06d8a957d3f69cb89e4172e11b0c3f6377dfacfd119d7da364781cff18edcfe04b2f5a6c8741088241fe3b9c2cd5c5b5c6112e0ff90e94e160a46caecea56f24

    • SSDEEP

      196608:rgF+h90+7s8H9EmtqZiIP/Kr1zBB0PTAjQDCwkWt5JvVlkzKssOZK:rgF+h9fBGvrY1lOXHkW3O2ss

    Score
    7/10

    • Loads dropped DLL

    behavioral23behavioral24

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/PayloadMBR/Programs/png2bin.py

    • Size

      1KB

    • MD5

      32dfd28117b185e4870eaf506bb38af7

    • SHA1

      b3f3572f0f4403d90889ee5cae7f0774759a1328

    • SHA256

      f12bf9386320e3bf1419cc0227430d86c280d40a855b35aff36939f0396b11c7

    • SHA512

      247b2ab09495f1a596bfcd567df5a39742591164b1472fd5e6c13d02dbcef0906212a8c06ddfdc8233e11af01cbf8b32536fff1550d7dc7599153d55edcf974d

    Score
    3/10
    behavioral25behavioral26

    • Target

      trichloromethane.exe-Malware-main/trichloromethane/Release/trichloromethane.exe

    • Size

      120KB

    • MD5

      5e8ce90547acca8bd050fccb885558a2

    • SHA1

      a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

    • SHA256

      2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

    • SHA512

      ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

    • SSDEEP

      3072:87Vs+B4vSgLkgjIldksHYfYjbyKK03T9zqKyM:24vSuKXHtl

    Score
    8/10
    bootkitevasionpersistence

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral27behavioral28

    • Target

      trichloromethane-safety.exe

    • Size

      83KB

    • MD5

      1453f56916c0ea96b9ba5b49f09757e2

    • SHA1

      3e25edc13b69e5db4769f061f586e42b812996bf

    • SHA256

      da79e0317881f0600ddaddf593184b1e7d6eb54604de089e4d625741e21c004b

    • SHA512

      37febf9c7bd3f35b45de356e8dc92a9bd5e065471669cb9afdb7048308df0c852b3cbfc5f2a3cab2887d67c9dab4f2fb2bb21ee9de42d13b700784367d1f8ca6

    • SSDEEP

      1536:X5RkE0HODVj5XVgyi31RRzuo3tpwOcr2zS5KTV8yYJcsWrcd6/MAedu:X590HODVViFRRz3dpxe2zSwTXoj6/Mz0

    Score
    1/10
    behavioral29behavioral30

    • Target

      trichloromethane.exe

    • Size

      120KB

    • MD5

      5e8ce90547acca8bd050fccb885558a2

    • SHA1

      a65ca5ddbcabeca7a5b9a243131bf8ce6798e15a

    • SHA256

      2829a026d0c7f6ca2fcba66eeef48606c3307312898fefef8af269dcb2158155

    • SHA512

      ac4aace898b8fa9037590edcce478c649aed9daf4d7fc2285f045aecf0f86d25a69903b1458b96964f6f7e9d4fb8f79ce923896b5ff84008f9f32bf86ff11d8f

    • SSDEEP

      3072:87Vs+B4vSgLkgjIldksHYfYjbyKK03T9zqKyM:24vSuKXHtl

    Score
    8/10
    bootkitevasionpersistence

    • Disables Task Manager via registry modification

      evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

bootkitevasionpersistence
Score
8/10

behavioral6

bootkitevasionpersistence
Score
8/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

bootkitevasionpersistence
Score
8/10

behavioral10

bootkitevasionpersistence
Score
8/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
7/10

behavioral24

Score
7/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

bootkitevasionpersistence
Score
8/10

behavioral28

bootkitevasionpersistence
Score
8/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

bootkitevasionpersistence
Score
8/10

behavioral32

bootkitevasionpersistence
Score
8/10