General

  • Target

    thunder1 (4).zip

  • Size

    12.9MB

  • Sample

    240706-zr95nssdmr

  • MD5

    9b75adcc76db2cda3589aa944cadb56e

  • SHA1

    575f3c54431b0a9baf5d6c37d901c59c97a5b317

  • SHA256

    a6e797d1c8b081d7ce41f777a744eaf4ef15a9d574eec33cad4296c4c04560ee

  • SHA512

    d691c1f484419c52dceac2db3658fe836e56dc467a5b20506fc0ca13f9eae423366e3d7601e1c3d7808bdd139f6699cfd3102d8a94af927ec251fddc37063478

  • SSDEEP

    393216:p8STfZ3hSa9IH+BfI4R4SC4KRrtZOIu8jlErc:6GRRAKf7WveIu8RE4

Score
7/10
upx

Malware Config

Targets

    • Target

      dos.exe

    • Size

      892KB

    • MD5

      a59a2d3e5dda7aca6ec879263aa42fd3

    • SHA1

      312d496ec90eb30d5319307d47bfef602b6b8c6c

    • SHA256

      897b0d0e64cf87ac7086241c86f757f3c94d6826f949a1f0fec9c40892c0cecb

    • SHA512

      852972ca4d7f9141ea56d3498388c61610492d36ea7d7af1b36d192d7e04dd6d9bc5830e0dcb0a5f8f55350d4d8aaac2869477686b03f998affbac6321a22030

    • SSDEEP

      24576:bGzl9+a4Ne1nEFI56xU+0IdY2Zv952uetfbFEzP4UFhOt:b+tOWnEFZR0El0JEzQAh

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      libeay32.dll

    • Size

      482KB

    • MD5

      c2703965b8ba0ecf8c5d8a043976facc

    • SHA1

      c578c694d4fe5c15acc3b7aa60e9874d0ded3d54

    • SHA256

      e28e34fbdaff077669586dcdb4e10f0ba2ca6c9973ed4d372a5c3ec3b8ad20e7

    • SHA512

      cb729665206594928a90b29e5c7592120345e92a605122ec6aea564250c4d5d48e1d39c8803820eccde7920aa4d9af99fb3748671de076476d833710b9491d61

    • SSDEEP

      6144:GyAl+J4uce42ylALXYsGB9ZaPEZ3ahnZHFiZlfK/d77ycLFG4683UyS7zooSQQ1z:1Al5SbK0E4Z0EE413UyyzooSTVL

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ssleay32.dll

    • Size

      106KB

    • MD5

      931c97553b3319f21b9ef249aa3cd244

    • SHA1

      42c6611da2154bb6e0911993cf97071908b48bf2

    • SHA256

      7e643c188a1ee3b0251b7dfcab000b7c48fd840eff35189e8a45901852e3910a

    • SHA512

      790141b758aa68c6384aaf6f85b09f9bc641a300a4e7fa05a74c3f89af090fbbfdcfe3dce24842a8d0c75b874839d505692c1951ed66f57e9840c559820514d3

    • SSDEEP

      3072:7/NkvneF5fIzOLshJ/E2IJYuB4/aoutq:Lq/wAJO28R8aoS

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ucmyqb.it

    • Size

      12.8MB

    • MD5

      7a484f2b62bebd2b0ce404e36f768af5

    • SHA1

      cbf166ce093f64ba2270b1adede89868ad15ad97

    • SHA256

      89ed84f69d94e9674b45e924350ecc8ab953e7b1ebfcdf9438d24598e52197f2

    • SHA512

      c40a0bcbc5b5001df39f083b253daf0ce65229a2f04c5e927d2f50c3ec5d6874f8f6ee1100a0a621fb49ed5a3938daa4e1d8db377ebd89a430956b9cf0744b14

    • SSDEEP

      196608:frZ46+UTsubfbYzMTpsT+tkfW7qXObEYoMC1o6MiqhmWVAMn/x:frZ4gLbfbNpsCtkfC3K71+i+A

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger
