General

  • Target

    AutoScraper-Premium.zip

  • Size

    13KB

  • Sample

    240709-wy3sdsxgnn

  • MD5

    19ddebb565fa0bd8632019c59f6698e7

  • SHA1

    2d29df5dfa23acef994c58d9b41bb7d8dd38dcc4

  • SHA256

    c6d1641cd1ac56f071c65e0db0a31ec8c27269f32f4c9a2e670c00c1a788dae2

  • SHA512

    e5b3621e6f319983bfb9adce19d319c530b0201ad7f8e7a8d8a3473752d306603e8f76745c3597afdb50d9fd352fa33a48057dc23fc0d54fe49f9dda940e3ecd

  • SSDEEP

    384:/IwsAZKaayJLuhb3e8AJy3dVVMo743wpC3mkFlWGx9G:v3Ka1JMa8Ac3dVSz3uC3mktvG

Malware Config

Targets

    • Target

      .-jml-.-main/main.py

    • Size

      16KB

    • MD5

      fda622af2c65ba06ae60544255d37653

    • SHA1

      849aeb7020f04045c3a920e236653e3a2f4907ac

    • SHA256

      99e29c3c7c18bc94e4891ec1945eea6b9d7e7dd50155c95f9d7dcafd97295905

    • SHA512

      0bb423bb484f66a3ce46def760c9115058912a82c2a2e954c383d174bb9dd968ba62b727b9a1f7f6f4b38645104e5fef1b0b3e22ae0df42fc171f78be86e676c

    • SSDEEP

      384:ZBZIKMA1AhMGkQ4qCo6hVLVAQ1uC/aAJwGjqcLB8VQbBy2EARA6xh4zSyG:ZV1AhIe+sQ1uC/aGVRByZ6x3

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      .-jml-.-main/scraped/upload.py

    • Size

      1B

    • MD5

      68b329da9893e34099c7d8ad5cb9c940

    • SHA1

      adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    • SHA256

      01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    • SHA512

      be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks