General

  • Target: Crusher.zip
  • Size: 20.8MB
  • Sample: 240629-zha9zswbjf
  • MD5: 05c3c22bcf1e3132fa613060371f14aa
  • SHA1: 812828415b9b83f4f24584dc19aa44c78394e459
  • SHA256: a799783600bfc7c93074b7eace12f1ba2aed930e2beb67388e5b2158fe0b5ef6
  • SHA512: b6f8004ef7800f4fb847bc5f1dfa4cef2df9039d3644c429499e1dacaef6a278cd78fc4ae6df613bfe64852977412cafd607c79c9306e369f8e9e79c5aa325c3
  • SSDEEP: 393216:zun/86YQXECB1405XVMPxzNc8+M8FOKfefC1Cpjg5gkWk4tuJ:i/86YFO1b5XVMjLh8FP2p0nituJ

Score: 8/10

Malware Config

Targets

  Crusher.bat
    • Size: 122B
    • MD5: e731ae3239030d9b1b59736da83678a0
    • SHA1: 575add90f5dd29ca3821a809ef74be05cf12ecd8
    • SHA256: 491e86387d7e5e677f1122851e92f19b6723f3772437fbf906e6b1fe8aa49967
    • SHA512: a0870ca77222301c817e7dd2a750ebb2aad9169544993a1e4541d4d638a448c67b6b9f1b0f20fa4728e2a1b28912bc682a04750355c1a3a8e285ed91c424f4a3
    • Score: 8/10
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with the display window hidden.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.

  freddurstpayload.bat
    • Size: 796B
    • MD5: fda90e4c5a003ed7bf37e3c512149769
    • SHA1: 2d4cf75ab93ea71bea58b79da6e5d6a8e228f20c
    • SHA256: 1c3dee110048993597620155de179558f7121ada6390d843cb7d33a5dd26887a
    • SHA512: f05def505afc994d7200d14d50d4cf1b8d741ce408638b448220cd663f2c562f36f39676b352b2fd898104ef0e0df6833e8f44dbbb4be6488d2f29463b5726ce
    • Score: 8/10
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with the display window hidden.

  laughpayload.bat
    • Size: 100B
    • MD5: 3bada8849c3a612980f0b6f75b630787
    • SHA1: 1fb4f4b180537af49eecd70ea023eb01f328f6d1
    • SHA256: b708fdb7f8d91672db22da4909e74743571865ef48258be5722fe26a9a35004a
    • SHA512: d70906d40be86e787a020a833511a763ccb8b428f737e44452093538bde3b3c239ca64c03495f7511ee8714c6aa1ca98d6a83f7bac5f141e5c7f6b0428acf1bc
    • Score: 8/10
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with the display window hidden.
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.

  lol.vbs
    • Size: 49B
    • MD5: 25e67535e2b9f4034acd6827fbbbbfb2
    • SHA1: 8053317618ab02a53b10392f6bef4eae9b81b081
    • SHA256: f01b352b825ae951eafb6053776487f715661c373db34c2d50ed9984b6002b4f
    • SHA512: 8314ad309515e3d4d1f0ec96ca08e17f9e37a04b3d0140e35d8f2f7352c82d677d26c149c56f9c4983f101d58c0255b28df0659687e98e78aa6cf2dfb4812226
    • Score: 1/10

  nircmd.exe
    • Size: 45KB
    • MD5: 9cc3c07ac4b98cfaa826d10a48888bf6
    • SHA1: c5967b86ef51a4bb5d6f4f2740a32a9c38fad91c
    • SHA256: cf29b37e1ff595120c23245a6e43a15c5c7bf3e59f0f675456b255d402f4bae7
    • SHA512: 273d1a1eb13e52779d9d7942d09468626d440c66bd4504ed505c4f7d41a40ec7c12612468ed2450d293556d146174393b87a3b5d9db2101e7706c2ab741932a3
    • SSDEEP: 768:XOW/mNg68vR3jU0w5N6DdM7aUsz+F2ZxJIwyZxCnogLIerQcRs842trMrvp89:Xn2gl3jBwaR5Uh0yxCzFs5zp8
    • Score: 7/10
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.

  windowpayload.bat
    • Size: 95B
    • MD5: e916c6a199e53fb7a8926b74aba02a73
    • SHA1: d9b06666d647e57df25d5aaa34c0b2449a68cc7e
    • SHA256: ccf335b3e5ddecc653338dfb68bf7c81062ba2b189c2e821775967590293bba1
    • SHA512: 1918f8ea547390d43257c52d70275b5e438b0b0695afd381c59910efc5d2fa4f99ba29c248579c9a6eec8f8490cf4f5b025c0e827fd78a5317f60558a0de615b
    • Score: 8/10
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with the display window hidden.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
