General

  • Target

    320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca

  • Size

    3.2MB

  • Sample

    240705-tjqheatema

  • MD5

    15b15cd4038bff493586eed699456216

  • SHA1

    bb68bc0b7c0381cd82f2e563dc1a000ebd65bbb4

  • SHA256

    320c2bf617ca46f8b48ac1ed5e2e3edf11b89c6c3b9429bbc630a47ad65c73ca

  • SHA512

    e284cd5db21034d184b0e7e1e753b6b18033fbc787e079b1db8664a53dd2fa5d51842f9cc028dc49c1fc493696a579c52b147d10a34db16889b74adf0f06c602

  • SSDEEP

    98304:3Vxmyi9810EpbBqplqYxPjdzQbEk021nYeJ/VbIp:3riobsJxPjOz0lsUp

Targets

    • Target

      winhex19来自百度/Chinese.dat

    • Size

      21KB

    • MD5

      833ab5b37febb906dbfa095b8793d46e

    • SHA1

      7628d462af363c3714af98b6f9d88f40908304db

    • SHA256

      bf96bcd2180b7d5f1c5c50d1f3d146160b8a1ad642c0049c8cf283ec5bf1a172

    • SHA512

      07913534721c72619504f17b25ab441fa7ca527f67792edbd29186a75d130e7f611bf242d266736ae89fe798f0fb450bc3d5924e848d0921517450785778aada

    • SSDEEP

      192:nqkhd5kGU7tofwjcWvYYadJNAxfCZTrlJbLE9JUUcGTqEwu5uBSaoV/xNKMlrk+:JdadtlzvYYadJsUJ3aJUUcGTKjMrNrk

    • Score

      1/10

    • Target

      winhex19来自百度/Dokan.exe

    • Size

      658KB

    • MD5

      b2e209833057cc4780209a6002c45d12

    • SHA1

      8ce9986d09e446ac9781de6de39d8cff765d8f98

    • SHA256

      3d676ce6e3a12c14f275b03f64d73d49463a0ff946a5f661b603559025e71a84

    • SHA512

      d39222d0136f27cf01b14cc147eb149e266e55f8bc265fd15b158d785bc246f02be3a0156c79ceb96ee5d2142cb2c85ed6bdc563633cbdb142c60fc90fc97288

    • SSDEEP

      12288:zgFlvmqVx1SCW6rER4afkJPAPO1Bet3+xii6hD+ueolM:cbwCEyLJKOmeFO6ue0M

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      883eff06ac96966270731e4e22817e11

    • SHA1

      523c87c98236cbc04430e87ec19b977595092ac8

    • SHA256

      44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82

    • SHA512

      60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390

    • SSDEEP

      96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u

    • Score

      3/10

    • Target

      $PROGRAMFILES/Dokan/DokanLibrary/README.url

    • Size

      147B

    • MD5

      d73e2ea707a98bce24b1970c91d82f6c

    • SHA1

      958c538cbf96d06dd81f014fe4ac0c90137c5d40

    • SHA256

      64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d

    • SHA512

      0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658

    • Score

      6/10

    • Signatures

      Checks whether UAC is enabled

      Legitimate hosting services abused for malware hosting/C2


    • Target

      $PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe

    • Size

      19KB

    • MD5

      e40b0a2f59f793740329ed22d3b541f7

    • SHA1

      2bc325c247e35040841f6f5eb0cdc965a026c947

    • SHA256

      83b3bdeb96229130d83b7b813a73cb88e08f347e3488ec8b9fa09be135e5e590

    • SHA512

      846d2023862ff8e49506223d9016c56fce9931a5167ab85a89d7d59343837d00db20b0754b8880b4ff634b1a86a7ca24ce8fe5cfbcecff51183c481fdcbced96

    • SSDEEP

      192:fzbL1R1TGInfuQyPZdSb+xfILyIfIQXJfHCAtAO8cwEBnYe+PjPDHDJVg2bjymzt:fb1HUm+CZfICJHLtgcw4nYPLDHxF60/

    • Score

      1/10

    • Target

      $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.h

    • Size

      6KB

    • MD5

      ac9b04dcb1bf826e1fd0b6428585ce99

    • SHA1

      d98f35b0be9b47cbb20d40448724f50e877dcc75

    • SHA256

      b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33

    • SHA512

      9558037d7a82cb64decdf511f387315b8c71773217eaa7097b48bfbc16e245a877b7e24d6e64ddd2c3a0d3dcc7827a91c87e8cb7058d2c202cc2678fd7fd19a3

    • SSDEEP

      96:wxWHb1jCneAKFIIlVSDhvKNWisAfav8TsumLEnyRbohH:LG3oDsyyoH

    • Score

      3/10

    • Target

      $PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.h

    • Size

      7KB

    • MD5

      aa66662107a23f3e24cfaa54bcd42eb5

    • SHA1

      00b7983edf4188cf9b7d1b93a9fdc1f84e820bcb

    • SHA256

      55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472

    • SHA512

      b6eb422d1fc2c17e6ac5723462b9dd90b835b5931edb789922d0bc79b545d5b381f514bace5f6c86682d25f1af429237b53985039403a4926aabf55877456778

    • SSDEEP

      192:b+QRIDI8NRdUgIrirNFwa3Q3nQMM1mII91XxVgl:yQSKGF5mnQahA

    • Score

      1/10

    • Target

      $PROGRAMFILES/Dokan/DokanLibrary/mounter.exe

    • Size

      22KB

    • MD5

      6569d05c382977bca5644385b464b611

    • SHA1

      e2e7be33f3ef79c010dbbf57cc2a6a4e9fc63d23

    • SHA256

      7e999ffd64d21810b7eb7725188b0023fba19753875ae6b0c27f0d5d9d9e4503

    • SHA512

      2b38a5ff0c494bdbd68f074070d480ec6902df84bc912cfd6c064a87ed0bd5f6dd1667f14347732f19b326e1179206698a925df40a2a76eeffad0da79292131b

    • SSDEEP

      384:EBu+IqJyYVFKu4WTntWDiIEHTuAgbOPTn2fVQ8kDhJh3EWqnYPLDHxF6O:Eg+TwYPNWi7Ht3EPGmO

    • Score

      1/10

    • Target

      $PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe

    • Size

      33KB

    • MD5

      6acbc945f2d080370369e635b0dbf34e

    • SHA1

      94ced85b00dd5c35b8c0089f8f55168fb9236856

    • SHA256

      9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08

    • SHA512

      cf0b7d7ce7ccd21165e64eef7dac607870fbf9a9ca77789befb81b19554c6a8715f3941cede865427a92208db14fbed8eda6bfa826cb73024c73b2e52bc76793

    • SSDEEP

      384:tzTNGajG5cxPcazjBb7IRRFg0yk/+pK7lq9pehABt7OCnYPLDHxF6A:tzJj1xEaeRF2kAxP1tCCGmA

    • Score

      1/10

    • Target

      $PROGRAMFILES64/Dokan/DokanLibrary/README.url

    • Size

      147B

    • MD5

      d73e2ea707a98bce24b1970c91d82f6c

    • SHA1

      958c538cbf96d06dd81f014fe4ac0c90137c5d40

    • SHA256

      64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d

    • SHA512

      0201be70496c4961219b5063c95461dba01e03961e1aa3170518de615c1337551c2fc78b3e957817e534d431e0c71781492967688b3ee95ab3ab664f6ee9a658

    • Score

      6/10

    • Signatures

      Checks whether UAC is enabled

      Legitimate hosting services abused for malware hosting/C2


    • Target

      $PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe

    • Size

      19KB

    • MD5

      217420512a7ead98b0af328f6bfd2e24

    • SHA1

      7a46e505dd933d93de7e3cc16b1f8f7bb01a15cf

    • SHA256

      4b3584794ffc6e947b54c8c296405f400b0325f5419d978164625b29c783ccec

    • SHA512

      7f4ed1fe023cc4a65a45ef635c26707ea545be7cf51b6ed5274c5101cdf7274ecd750860a5a5f02b27a959117cc38048763f0057d9da4940d616c52c1df9ab79

    • SSDEEP

      384:HHQq/E4Q/sWh1dN+Ctu/ICBHD1nYPLDHxF6I5L:HTLLadoCU/ZZZGmI5L

    • Score

      1/10

    • Target

      $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.h

    • Size

      6KB

    • MD5

      ac9b04dcb1bf826e1fd0b6428585ce99

    • SHA1

      d98f35b0be9b47cbb20d40448724f50e877dcc75

    • SHA256

      b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33

    • SHA512

      9558037d7a82cb64decdf511f387315b8c71773217eaa7097b48bfbc16e245a877b7e24d6e64ddd2c3a0d3dcc7827a91c87e8cb7058d2c202cc2678fd7fd19a3

    • SSDEEP

      96:wxWHb1jCneAKFIIlVSDhvKNWisAfav8TsumLEnyRbohH:LG3oDsyyoH

    • Score

      3/10

    • Target

      $PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.h

    • Size

      7KB

    • MD5

      aa66662107a23f3e24cfaa54bcd42eb5

    • SHA1

      00b7983edf4188cf9b7d1b93a9fdc1f84e820bcb

    • SHA256

      55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472

    • SHA512

      b6eb422d1fc2c17e6ac5723462b9dd90b835b5931edb789922d0bc79b545d5b381f514bace5f6c86682d25f1af429237b53985039403a4926aabf55877456778

    • SSDEEP

      192:b+QRIDI8NRdUgIrirNFwa3Q3nQMM1mII91XxVgl:yQSKGF5mnQahA

    • Score

      1/10

    • Target

      $PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe

    • Size

      24KB

    • MD5

      166428c4def3b4b3db206770011b044f

    • SHA1

      e37de4a30f6aac82d3294a43646e20619b94eb18

    • SHA256

      7bb5e6094d27be2ecd2c5f9d3990cb81eb02a26314388e546a60918686fd91a9

    • SHA512

      e45368344a68698ff4efa9ab4f9bcf6b8099825c96c57e6af37afbfe7e2ac699af8e399f3dfb08d9c66afd501efe8f4e87cbffb42660c3e609825af3a81022f3

    • SSDEEP

      384:9N4SJ1SIyN1tzzI1UJpRsGgAbuP0gncNfVA8UEHUHCunYPLDHxF6BH:9SNzdzQUuHCuGm1

    • Score

      1/10

    • Target

      $PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe

    • Size

      34KB

    • MD5

      d2558426e6a7dcfcfdc070972e761175

    • SHA1

      cec9616ce32b4ae0f683dcee3a5e1ae75edda2bf

    • SHA256

      37e0aa7808e82ca01ef3eb9e937e5976ccc75503af6b70e42edf437673c97568

    • SHA512

      3636b9731d5a5806378aa41055b7b4639cea3ca04d5b06cfa92050a25790612588901415cdeffb345c3a7953e3221e1647656782a6d068ea0528d4cfafdc45ab

    • SSDEEP

      384:5BoJShlcKiBtUqaCg8gWmiDe5Tno8Ermb7oxRlA0ykf+DoolK+5pTdLK63/nYPLM:5BcShlmBtdiPtodRlWkg7Q6PGm3

    • Score

      1/10

    • Target

      $SYSDIR/dokan.dll

    • Size

      37KB

    • MD5

      aabd2e7fb2fd1036fd1ba8f1c5d1386b

    • SHA1

      7e00b00237fd7784a75ff9dfcc24c56d0d801e4f

    • SHA256

      a72a2544d8ab64094dddc759d26300581e03ae6b736ee0bfba67171e1cb6d148

    • SHA512

      26e70bfbb590922f5d761215af3522eddc29425ea33637ea1deeda7cb89db412bc0e1ed4eb1aaca89462962829226582fec13e40affddae74a1af0797d7d4992

    • SSDEEP

      768:JJuJRvI2ALAGUg00j0M6mYLnYqYyKMeEtMqGmx4:JJuJ1PAL10M6LYqYKeIgx

    • Score

      1/10
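
The listing above shows the same SHA256 for the $PROGRAMFILES and $PROGRAMFILES64 copies of README.url, ScopeGuard.h and fuse_opt.h, so the two 6/10 entries are one 147-byte file detected twice. The Python script below is an added example, not part of the Triage report: it groups the dropped files by SHA256 so scores are counted per distinct file rather than per path, and it includes a digest-verification helper for checking a local copy of an artifact against the report's MD5/SHA1/SHA256/SHA512 values before relying on the verdict. The DROPPED records are copied from the report above; the `b"abc"` input in the usage block is a constructed test vector, and `verify_file` is a helper name chosen here.

```python
import hashlib
from collections import defaultdict

# Dropped-file records (path, SHA256, score) copied from the report above.
DROPPED = [
    ("winhex19来自百度/Chinese.dat", "bf96bcd2180b7d5f1c5c50d1f3d146160b8a1ad642c0049c8cf283ec5bf1a172", 1),
    ("winhex19来自百度/Dokan.exe", "3d676ce6e3a12c14f275b03f64d73d49463a0ff946a5f661b603559025e71a84", 3),
    ("$PLUGINSDIR/System.dll", "44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82", 3),
    ("$PROGRAMFILES/Dokan/DokanLibrary/README.url", "64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d", 6),
    ("$PROGRAMFILES/Dokan/DokanLibrary/dokanctl.exe", "83b3bdeb96229130d83b7b813a73cb88e08f347e3488ec8b9fa09be135e5e590", 1),
    ("$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/ScopeGuard.h", "b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33", 3),
    ("$PROGRAMFILES/Dokan/DokanLibrary/include/fuse/fuse_opt.h", "55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472", 1),
    ("$PROGRAMFILES/Dokan/DokanLibrary/mounter.exe", "7e999ffd64d21810b7eb7725188b0023fba19753875ae6b0c27f0d5d9d9e4503", 1),
    ("$PROGRAMFILES/Dokan/DokanLibrary/sample/mirror/mirror.exe", "9fb18147d2d0fbe0ca4380b046ec4c8b4e9c768563496f55af3f7ab030e11b08", 1),
    ("$PROGRAMFILES64/Dokan/DokanLibrary/README.url", "64bdc2e022158e93eefb2f1473f419ae9f135bc193a846300d95be39a0a4237d", 6),
    ("$PROGRAMFILES64/Dokan/DokanLibrary/dokanctl.exe", "4b3584794ffc6e947b54c8c296405f400b0325f5419d978164625b29c783ccec", 1),
    ("$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/ScopeGuard.h", "b69359de466ec783f7a0070c9ecc2930e0cf4ede5d729eb7f2a408afcfdf9f33", 3),
    ("$PROGRAMFILES64/Dokan/DokanLibrary/include/fuse/fuse_opt.h", "55174accdbc584dc5e2d875837f6debb57f6c3fd8e0c379b64396cdd48e45472", 1),
    ("$PROGRAMFILES64/Dokan/DokanLibrary/mounter.exe", "7bb5e6094d27be2ecd2c5f9d3990cb81eb02a26314388e546a60918686fd91a9", 1),
    ("$PROGRAMFILES64/Dokan/DokanLibrary/sample/mirror/mirror.exe", "37e0aa7808e82ca01ef3eb9e937e5976ccc75503af6b70e42edf437673c97568", 1),
    ("$SYSDIR/dokan.dll", "a72a2544d8ab64094dddc759d26300581e03ae6b736ee0bfba67171e1cb6d148", 1),
]

# The four digests the report lists for every file.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 of an in-memory byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify(data: bytes, expected: dict) -> list:
    """Compare local bytes against values pasted from a report.

    Returns the names of the algorithms whose digest disagrees (empty list
    means every supplied digest matched). Names and hex are compared
    case-insensitively so values copied in either case work.
    """
    actual = digests(data)
    bad = []
    for alg, want in expected.items():
        name = alg.lower()
        if name not in actual:
            raise ValueError(f"unsupported digest algorithm: {alg}")
        if actual[name] != want.strip().lower():
            bad.append(name)
    return sorted(bad)


def verify_file(path: str, expected: dict, chunk: int = 1 << 20) -> list:
    """Streamed variant of verify() for artifacts too large to read at once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    actual = {alg: h.hexdigest() for alg, h in hashers.items()}
    return sorted(a for a, w in expected.items() if actual[a.lower()] != w.strip().lower())


def duplicate_groups(records) -> dict:
    """Map SHA256 -> paths for every hash that appears under more than one path."""
    by_hash = defaultdict(list)
    for path, sha256, _score in records:
        by_hash[sha256.lower()].append(path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def distinct_files_by_score(records) -> dict:
    """Collapse byte-identical drops and return {score: [sha256, ...]}.

    Counting per distinct file instead of per path stops one README.url
    from looking like two separate 6/10 detections.
    """
    best = {}
    for _path, sha256, score in records:
        key = sha256.lower()
        best[key] = max(score, best.get(key, 0))
    out = defaultdict(list)
    for h, s in best.items():
        out[s].append(h)
    return dict(out)


if __name__ == "__main__":
    for h, paths in duplicate_groups(DROPPED).items():
        print(f"{h[:16]}... dropped {len(paths)}x: {paths}")
    print({s: len(hs) for s, hs in distinct_files_by_score(DROPPED).items()})
    # Constructed test vector: the well-known digests of b"abc".
    print(verify(b"abc", {"SHA256": "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"}))
```

Run it against a report by pasting the report's digests into the `expected` dictionary for `verify_file` on the downloaded artifact; an empty list means the local file is the one the sandbox actually executed, which is the precondition for trusting any of the scores above.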

Tasks

Task          Tags             Score
static1                        3/10
behavioral1                    1/10
behavioral2                    1/10
behavioral3                    3/10
behavioral4                    3/10
behavioral5                    3/10
behavioral6                    3/10
behavioral7   evasion, trojan  6/10
behavioral8                    6/10
behavioral9                    1/10
behavioral10                   1/10
behavioral11  execution        3/10
behavioral12  execution        3/10
behavioral13                   1/10
behavioral14                   1/10
behavioral15                   1/10
behavioral16                   1/10
behavioral17                   1/10
behavioral18                   1/10
behavioral19  evasion, trojan  6/10
behavioral20                   6/10
behavioral21                   1/10
behavioral22                   1/10
behavioral23  execution        3/10
behavioral24  execution        3/10
behavioral25                   1/10
behavioral26                   1/10
behavioral27                   1/10
behavioral28                   1/10
behavioral29                   1/10
behavioral30                   1/10
behavioral31                   1/10
behavioral32                   1/10