General

  • Target

    VoiceChanger64f(1.66).exe

  • Size

    1.2MB

  • Sample

    240711-w2qx1a1dmd

  • MD5

    271da96d964aa1b52e85553dc4da7b3a

  • SHA1

    fbabee2839e973c0dc12be83d7d450a9b3bae67b

  • SHA256

    38130c93482996bc6b4828242f63ec0ffb63209409cf92fc9d851f14ee18366c

  • SHA512

    1b50692dc8554e30e7b37fd9d56e294deecc853fb50b4180170370232cfaca70e53f6b36098ccc11e83cea5a9707401227e54ef8fdb67aad90b73c887de49e97

  • SSDEEP

    24576:JFid2uPbWDioGxBu2w+q4v9xEiGV3manbj16IKzO:HSBPi8nnmV2ann16IK

Targets

    • Target

      VoiceChanger64f(1.66).exe

    • Size

      1.2MB

    • MD5

      271da96d964aa1b52e85553dc4da7b3a

    • SHA1

      fbabee2839e973c0dc12be83d7d450a9b3bae67b

    • SHA256

      38130c93482996bc6b4828242f63ec0ffb63209409cf92fc9d851f14ee18366c

    • SHA512

      1b50692dc8554e30e7b37fd9d56e294deecc853fb50b4180170370232cfaca70e53f6b36098ccc11e83cea5a9707401227e54ef8fdb67aad90b73c887de49e97

    • SSDEEP

      24576:JFid2uPbWDioGxBu2w+q4v9xEiGV3manbj16IKzO:HSBPi8nnmV2ann16IK

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $8/APOConfig.exe

    • Size

      195KB

    • MD5

      77893038ecf3f3a96afaea9db5a8a25f

    • SHA1

      c9ce77d1dfc66390392e5d415e4c349c07a4c0a6

    • SHA256

      36b966087ccbb6a35dbaf7ef22725f18f62bff8cf3514c6a1f66d4ca18485824

    • SHA512

      d7514d0b93224118b329a19ec28c79e83f5779af375080db2f60e2a73e7131a2769850c43a614b0071a3a265dc5745dc016f4963779730550ae49af499bb5818

    • SSDEEP

      6144:9V5+hXJPAWak1DSPdAkAAKHuqBH9AOrAChfBkQULM7m:9n+pJPAWak1DS1eAKHuqBH9XfmQULF

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $8/ClownfishVoiceChanger.exe

    • Size

      805KB

    • MD5

      208c37506cddf0613517488da3287d12

    • SHA1

      99b918443e424af947ed10aa84fa242af70ca856

    • SHA256

      d29a8c5ad1704c7fbe0e24fadf4a8a1dabe441c84f9dfe4359755cc76c148a61

    • SHA512

      0318dd9ecf5d41504f60fc0f71ac306cafbfb75808c7597a2ab3b745a487d042371fe5c159e42f0a431a29820e4e164e43e78673eb12124b9304adebdf5e2f65

    • SSDEEP

      12288:ddCn17D4nHmjxRL7xU2ZlHIue0FZFVo0iV3NnKX2:dsn134nHkl7tZlHIueAZnQpE2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $8/ClownfshAPO64.dll

    • Size

      346KB

    • MD5

      2615829ece553a2aac5f9a03cfcacac2

    • SHA1

      4f271a3d659b4c41ae4b578afe3ce34df4d6a1e7

    • SHA256

      2bc1826abffe6bd74c7352607ed15e7b37c205060a8c27c10bf205b067be380f

    • SHA512

      30c3a462604425b4eb20e5732dc519f9a36b77c6c54f26d9a36995631f6222cfbe37a6b2363d68f9956ed5fe2c4323f8051b2cac6acd9c1dc2b3daaac31e4c8f

    • SSDEEP

      6144:XFaPoCUb5nttyhD5Axo3J1+neolsX4m9V5CQVRpKsVjJfuslgH:XkPQb/S6KOeolsXPvUCJU

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    • Score

      3/10

    • Target

      $PLUGINSDIR/LockedList.dll

    • Size

      27KB

    • MD5

      a1ac202541aeb73245d9caedca1c9577

    • SHA1

      d30dc312d5394f5cde418560bb2e0b6e46f4f7d6

    • SHA256

      7f150baffafedd777ae27ad7d9782f4e804653068053102e55c8438230e65868

    • SHA512

      73e641317b7c16f4f3f8c2786897bac8891065b7f877af3c0892ba222ea4737679096cd9241e0225b85ceb8a1a3d6b9b7016ed016f83ca3d05a2aa33d6cc5913

    • SSDEEP

      768:4yINiCg6KMSMfnYRLYpZjS17JShksxagf6qg:hxap6HhJSfxbZ

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      10KB

    • MD5

      56a321bd011112ec5d8a32b2f6fd3231

    • SHA1

      df20e3a35a1636de64df5290ae5e4e7572447f78

    • SHA256

      bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

    • SHA512

      5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

    • SSDEEP

      192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f832e4279c8ff9029b94027803e10e1b

    • SHA1

      134ff09f9c70999da35e73f57b70522dc817e681

    • SHA256

      4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    • SHA512

      bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    • SSDEEP

      96:ytJ6tC4jcY5rKhkfL9SYdKkcxM2DjDf3GEfKvBKav+Yx4yndY7ndS27gA:yyj6QS8HREf+BYYxbdqn420

    • Score

      3/10

MITRE ATT&CK Enterprise v15