
General

  • Target: 3f58da2e1652dddab53995166f24993f.exe
  • Size: 877KB
  • Sample: 240712-jmjtxswhrc
  • MD5: 3f58da2e1652dddab53995166f24993f
  • SHA1: 1721c19909c2309398d5174f9fcb2abcff51e862
  • SHA256: d14ee261ed6c5dddc1900587c455991defe0f49c1da1172d7f8f1e163309d3e8
  • SHA512: ece1950851e0724f465471cfd50021f0c13642f66753c56bb77c91e6db972032ce272286f2d51f5c87edb61b806cd8a21458286f8bd1b799821526966b10dca1
  • SSDEEP: 24576:MGxOacf/CoFPz8s43+ae4Y9hJ9HFtMr6lLwLkM0VP90ef2:XxyCoZz943+YaJNFtM+5wL3AP912

Malware Config

Targets

    • Target: 3f58da2e1652dddab53995166f24993f.exe
    • Size: 877KB
    • MD5: 3f58da2e1652dddab53995166f24993f
    • SHA1: 1721c19909c2309398d5174f9fcb2abcff51e862
    • SHA256: d14ee261ed6c5dddc1900587c455991defe0f49c1da1172d7f8f1e163309d3e8
    • SHA512: ece1950851e0724f465471cfd50021f0c13642f66753c56bb77c91e6db972032ce272286f2d51f5c87edb61b806cd8a21458286f8bd1b799821526966b10dca1
    • SSDEEP: 24576:MGxOacf/CoFPz8s43+ae4Y9hJ9HFtMr6lLwLkM0VP90ef2:XxyCoZz943+YaJNFtM+5wL3AP912
    • Modifies Windows Defender Real-time Protection settings
    • Modifies Windows Defender notification settings
    • Modifies security service
    • Executes dropped EXE
    • Loads dropped DLL
    • Windows security modification

    • Target: $PLUGINSDIR/SelfDel.dll
    • Size: 5KB
    • MD5: e5786e8703d651bc8bd4bfecf46d3844
    • SHA1: fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
    • SHA256: d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
    • SHA512: d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
    • SSDEEP: 96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE
    • Score: 7/10
    • ACProtect 1.3x - 1.4x DLL software
      Detects file using ACProtect software.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: $PLUGINSDIR/nsExec.dll
    • Size: 7KB
    • MD5: b4579bc396ace8cafd9e825ff63fe244
    • SHA1: 32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c
    • SHA256: 01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b
    • SHA512: 3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a
    • SSDEEP: 96:JwzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuH0DQ:JTQHDb2vSuOc41ZfUNQZGdHM
    • Score: 3/10

    • Target: $_32_/PowerRun64.exe
    • Size: 923KB
    • MD5: efe5769e37ba37cf4607cb9918639932
    • SHA1: f24ca204af2237a714e8b41d54043da7bbe5393b
    • SHA256: 5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2
    • SHA512: 33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1
    • SSDEEP: 24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
    • Score: 4/10

    • Target: $_32_/SetACL64.exe
    • Size: 601KB
    • MD5: 1fb64ff73938f4a04e97e5e7bf3d618c
    • SHA1: aa0f7db484d0c580533dec0e9964a59588c3632b
    • SHA256: 4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221
    • SHA512: da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece
    • SSDEEP: 12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
    • Score: 1/10

    • Target: $_32_/cabweejcuqvpws.exe
    • Size: 5KB
    • MD5: 6b1213639bc5ffc4f1af8c17420d4b1f
    • SHA1: ee2d622099fb19a8ed7e1c6137f60ac86fa65486
    • SHA256: 1fa9e2264b4954f01a83f6a4e8bc7982516091e0fb0c6a2f6154fa87164148b7
    • SHA512: 03a81297f140b0428636452075c1465d895485268ba243b03562495a5ff46cd392ef8d1a13d0c738d2cf3b560d0ef73afcc63f210b3bdbf4d931e2e204cf4498
    • SSDEEP: 48:6isDgDtjQHbc6akyAnx2mMM4ife1QivkZZtMlDIra569FHpfbNtm:X1JQpjVfeT1+fzNt
    • Score: 1/10

    • Target: $_32_/p64.bat
    • Size: 12KB
    • MD5: 1abf8067994181b1a38867bf6437f9d2
    • SHA1: d25e23848f65b85f0f21e9a0a69e4268b625eca2
    • SHA256: 23bbb732ff55ab62dc8863a69626ef5655f60bf0d7b96fa2818a895e81283b40
    • SHA512: 6237826de2feaf63c2f1312680118474f9b60f5516a05e171743a09a088d7c9bfd06ce9de17852e6f4c2dcb577814163621ff27b2a7bbb37f2a1ae130f64d882
    • SSDEEP: 192:lBoBaf8nBftOMBzALyeKv9eA3sQlxRyEiLivnzA6fFrs3qUEGA6oh/HbzBBzKF6a:QK

    • Target: $_32_/win_version_csharp.exe
    • Size: 6KB
    • MD5: 7cb364701028767f8942cc3f8439f8f2
    • SHA1: d6bede2206b7042b4cae32f416e1b43ffac94238
    • SHA256: a2716605f8dd1930808e6918db670a3fe32287791862883dbabd26849b87b09e
    • SHA512: 3011b3d64f79280ab05de9658c4f5a13f637ad2e79d5770cfaeb3af6cb8c7a56b610dad69fdf295112be64cfb80e18f30bb1829eb3c0e549105f63d0e770dc13
    • SSDEEP: 96:/uidPNKO2mkcQ7DBOrkB0kPkKXwF4dkd8Nue3qYMns1BjgtRQWWzNt:FIOu7DBOrkB0kPkKXwF4dkd8Nn34nUBR
    • Score: 1/10
