fc46199993b65c1ae8a2d13aafaf030e1f44c60e393efcb53acb8fc52f90e6f4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

155绿色�...��.url

windows7-x64

1

155绿色�...��.url

windows10-2004-x64

1

Ghost安装器.exe

windows7-x64

7

Ghost安装器.exe

windows10-2004-x64

7

Sharing

General

Target

17e2de852e303134bfae71f5c0373f6b_JaffaCakes118
Size

4.5MB
Sample

240627-25wwbaxckf
MD5

17e2de852e303134bfae71f5c0373f6b
SHA1

abd175609d7444e8a12dc9a25fe7523ed25bc868
SHA256

fc46199993b65c1ae8a2d13aafaf030e1f44c60e393efcb53acb8fc52f90e6f4
SHA512

ed255ac253379e768ad82774db8eced29b76331f6df48998dccda3cd25c6fd7dbaeb341c7986781f2081f0a2f23244e6fda90b8db7de563caea200cd07592b7d
SSDEEP

98304:GQ7Aj4SwcavjUJGYsBKfBTTdOtEDP/Q13uYGvfSdabD6mfFvf5:fOcLUJJsYfBTAtiP/Q13TGidE6mfFvB

Score

7^/10

upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

155绿色软件站.url

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

155绿色软件站.url

Resource

win10v2004-20240611-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Ghost安装器.exe

Resource

win7-20240611-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

Ghost安装器.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  155绿色软件站.url
- Size
  
  219B
- MD5
  
  3a1f2a8a3ef08ae269517a69ea918b2c
- SHA1
  
  7d2e6719702bc8472e045e010efa6ed3f7df4b5b
- SHA256
  
  66eafefa8bb0155e60828476bde6068573fe64a4fd0aa052eba074dbe85d46cd
- SHA512
  
  22203a78192cadc02d0f887247675925273a69e3be82ec1a331197f892216a282cc8f37c3ffbfb578a708244181037277b8cc6a40d8ec70cdf0feac5d80f8576
Score

1^/10
behavioral1 behavioral2
- Target
  
  Ghost安装器.exe
- Size
  
  4.5MB
- MD5
  
  ac33168a21c93cae0af18edcc477baa0
- SHA1
  
  5ba450393e08eaa748a9b03e7bd191106b48a30e
- SHA256
  
  020c3fd01f2802b258becf7411c5d76b405d685d5ec26c1fa7e03d22a052d23b
- SHA512
  
  a5c632103b2b455ae949406a9b4edca40eb72aa9d06bc59f8d290d837b76768422467647cad78619492e856fc871746bf8c07bcdc9e0ccfc1701e273d1aad026
- SSDEEP
  
  98304:XSxZuGZQ2rFDZGagdFKrV+9d7QAbzEK77BJ:ie2rFDQbp9lxzj7VJ
Score

7^/10

upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy