Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

PhysxExt.dll

windows10-1703-x64

1

loaderV4.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader-installer.zip

  • Size

    16.0MB

  • Sample

    240713-z2kb1azcnc

  • MD5

    4d6a5d36b22ea96333f0fcd788b7e16f

  • SHA1

    df24faa703a60bca625b24dea95d9af7b9dcfeff

  • SHA256

    8af1ae8a6d1965b0e4c83ba47f044c2f81c711e33c6c7372b6e815657334726a

  • SHA512

    51267b470e536a317a8f31109e1c53ec7589e4212aaf21cacb8e068daac3e67ad7502424cfa4a517b374bfa636cc58d281bc8466781e7ffe7b862190416aa367

  • SSDEEP

    393216:keel/JiZeQoAhy6vrJbgwbHFNsl2c5GGZbRE1q:kr6eQoAawPslz5rbK1q

Score
8/10
discoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      PhysxExt.dll

    • Size

      2.9MB

    • MD5

      6ff985653d41e8d60bb1293f01729adf

    • SHA1

      1ae3086a16a91ea45c06d34071d8b3b87e058804

    • SHA256

      224ba9fe747ed7266a392961586db8a716553b85760fe3083e6d345034868d8f

    • SHA512

      fd47a81000dcd98adc03d1f45a172c19b2e8aa3c8f13338bda0b00407f7b81b52e0fa9be3f9ef87fb1303231225e83b9dd8c39a0777ee56ccd54abc52d095b87

    • SSDEEP

      24576:fZJJSVBjkvvhwVxKKpQgRQ8sUOwDUsHeHfcKtaPRO/o5o4Z/5rLyv+Fe:xJegvvhTKTRcPDqho4F5rLyW4

    Score
    1/10
    behavioral1

    • Target

      loaderV4.exe

    • Size

      52.5MB

    • MD5

      c09e35d7811e7956a23d1546f3657d1a

    • SHA1

      14638637ca598640b361b6d41dd60d32e34e3648

    • SHA256

      8a7a0dfd2a635200bd2f52de55df0d955374d67dd5946208397fd0b1a0cf9b59

    • SHA512

      c932ea658761cd736881cc0007d7930457803e2466ce9d6d56f15f8edd45139d8937ec8d605bd66494c7b1ea5a8c2a4e7714b907a4f5d07e2883f7f75e5e0ca6

    • SSDEEP

      393216:YGoGDd8UzAa52L4KEHqms6X9UDZXozjKv1:YGoid8Uka5nKknc91

    Score
    8/10
    discoveryevasionpersistenceprivilege_escalationtrojan

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks