General

  • Target

    c97d9d45b5d383024aa39d9fbd4295b0N.exe

  • Size

    4.8MB

  • Sample

    240725-nmxs1ayhrd

  • MD5

    c97d9d45b5d383024aa39d9fbd4295b0

  • SHA1

    f642faf4c8664a6f73b414eede5685bf7788f173

  • SHA256

    8348f852775f70444139d4f2cf42fb6fedca972ff91c48eaed56739c840a75d4

  • SHA512

    0f26a15d5d21326b6a2b2547bedf68c8189c94faf78a86283f86a753d8f90c64644266396ff1cbd9cbad6393ae653858c783f21cd6bd3b7f029c8ea71cffedbd

  • SSDEEP

    98304:q6Q2rqFJ3LAg+istOHcRU5vUUF3et2ihnxFCKnWkB0Y8Ye3ty3jIhk6YJdtsmom:q6Q2rqjLstO8RUapEKnWBNYe9ySkWdm
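When a copy of the installer or one of its dropped files is in hand, the first check is whether it is the artifact this report describes. The script below is an added example, not code from the report or from tria.ge: it streams a file once, computes the four digests the report prints, and matches them against the MD5/SHA256 pairs copied from the Targets section. Function names, the chunk size and the rule that an MD5-only match is not trusted are this example's own choices.

```python
"""Added example, not code from the report or from tria.ge: recompute a file's
digests and match them against the artifact table on this page. The MD5 and
SHA256 values are copied from the report; the function names, the chunk size
and the md5-only rule are this example's own choices."""
import hashlib

# name -> (MD5, SHA256) as printed in the report's Targets section
REPORT_ARTIFACTS = {
    "c97d9d45b5d383024aa39d9fbd4295b0N.exe": ("c97d9d45b5d383024aa39d9fbd4295b0",
        "8348f852775f70444139d4f2cf42fb6fedca972ff91c48eaed56739c840a75d4"),
    "$PLUGINSDIR/System.dll": ("959ea64598b9a3e494c00e8fa793be7e",
        "03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b"),
    "$PLUGINSDIR/nsDialogs.dll": ("f7b92b78f1a00a872c8a38f40afa7d65",
        "2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e"),
    "$TEMP/ulicense.rtf": ("8c7f512cdb1b21e01ce120a0b2806c53",
        "a4ecc43c48d029afa62afbac5923fc2d1b5a031190cf97f0e6953684e0f9a9f1"),
    "AmandaRoseTheGameOfTime.exe": ("0e27cd83f10b8bb1ced4650f6d35dfeb",
        "60950d49257fa8e0135da985a36e46f098b176847f55c8df7b1eb9b4d73a2d8a"),
    "AmandaRoseTheGameOfTime.wrp.exe": ("486fe244dc62a1412df271037b5f1018",
        "cacfca33d29e36c210e6fc3712dd8a51319c6c35b8af1685728a5c05bd16456a"),
    "SDL.dll": ("5eb7049ad2a0f79300f94ec25488878a",
        "af0614b86d4ba1b18da1da3eb611fd9f819d43a1108cbbe5df0e902216852523"),
    "SDL_image.dll": ("c87ad94c19c84fc2db772a4ea986b76d",
        "01e61b89920f2dd7203cccb976b90d3e66c5cf4833596c028ed6dd2eac83272f"),
    "bass.dll": ("b2f3a33416a83666a59470539e9d3701",
        "5ce72179b327b79af31a1824430ab6f86e3a6ed46d858e0a799b6b65999d5e0e"),
    "htmlayout.dll": ("cffe21f7cfe677eec54b8d8020ef0690",
        "9cf74cd193f4fb530c530d4f9feff9ec81a24a5c5922998101657128de771b0c"),
    "ir50_32.dll": ("b1fec99ac0a1eb598254c23bdcf18d4d",
        "d6e4d3d1752141aaf04ddd20c41a037873602ee03a7b976d113595274ef08bec"),
    "jpeg.dll": ("b3572ac8d50604ca0e0328dfa09a3d69",
        "ac3f25027c9725fb6c6a4d54b3764b08cd99928a395b1cfe8682bb447b3790be"),
    "libpng1.dll": ("f6c58292d11cabfc379c957f34e5eb84",
        "3f10e96d56d45e5c62d5b1fa12182503e8c1f59b6a0018dbb4dcea3df208811f"),
    "wrapper.dll": ("e1656d25f53820e291e60093f8e8bc41",
        "367fda11631296caef0acad26cfed7d0934475eacb8349c1c209a575bf547cb8"),
    "zlib.dll": ("c88a6474424b1bf960e7ebb4b28d0ed0",
        "0df0c22bf411ad670d7b8fe5a533e4831313d5a3118cf9216389c642c90ec2f9"),
    "zlib1.dll": ("f5b8b7054675d6aaf4ce3e727395f402",
        "87ba7862b61b0ee592fb967d38dfd7636d361199788ab8557344251006a134b1"),
}

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX = set("0123456789abcdef")


def check_table(table=REPORT_ARTIFACTS):
    """Names whose digests are not lowercase hex of the right length (catches copy errors)."""
    bad = []
    for name, (md5, sha256) in table.items():
        ok = (len(md5) == DIGEST_LEN["md5"] and set(md5) <= HEX
              and len(sha256) == DIGEST_LEN["sha256"] and set(sha256) <= HEX)
        if not ok:
            bad.append(name)
    return bad


def digests(chunks):
    """Stream the data once and return all four digests the report prints."""
    hashes = {algo: hashlib.new(algo) for algo in DIGEST_LEN}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashes.items()}


def digests_of_file(path, chunk_size=1 << 20):
    """Hash a file from disk without loading it whole (the sample is 4.8MB)."""
    with open(path, "rb") as f:
        return digests(iter(lambda: f.read(chunk_size), b""))


def identify(d, table=REPORT_ARTIFACTS):
    """(name, 'sha256') on a SHA256 match; (name, 'md5-only') when only the MD5
    agrees, which is not a trustworthy identification because MD5 collisions
    are cheap to construct; None when nothing matches."""
    for name, (_, sha256) in table.items():
        if d["sha256"] == sha256:
            return name, "sha256"
    for name, (md5, _) in table.items():
        if d["md5"] == md5:
            return name, "md5-only"
    return None


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, identify(digests_of_file(path)))
```

Run it over the extracted NSIS payload directory to label each dropped file; anything returning None is not covered by this report and needs its own analysis, and an `md5-only` result should be treated as a mismatch until the SHA256 is explained.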

Malware Config

Targets

    • Target

      c97d9d45b5d383024aa39d9fbd4295b0N.exe

    • Size

      4.8MB

    • MD5

      c97d9d45b5d383024aa39d9fbd4295b0

    • SHA1

      f642faf4c8664a6f73b414eede5685bf7788f173

    • SHA256

      8348f852775f70444139d4f2cf42fb6fedca972ff91c48eaed56739c840a75d4

    • SHA512

      0f26a15d5d21326b6a2b2547bedf68c8189c94faf78a86283f86a753d8f90c64644266396ff1cbd9cbad6393ae653858c783f21cd6bd3b7f029c8ea71cffedbd

    • SSDEEP

      98304:q6Q2rqFJ3LAg+istOHcRU5vUUF3et2ihnxFCKnWkB0Y8Ye3ty3jIhk6YJdtsmom:q6Q2rqjLstO8RUapEKnWBNYe9ySkWdm

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      f7b92b78f1a00a872c8a38f40afa7d65

    • SHA1

      872522498f69ad49270190c74cf3af28862057f2

    • SHA256

      2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e

    • SHA512

      3ad6afa6269b48f238b48cf09eeefdef03b58bab4e25282c8c2887b4509856cf5cbb0223fbb06c822fb745aeea000dd1eee878df46ad0ba7f2ef520a7a607f79

    • SSDEEP

      192:y1zQhZDqlJcKISw99ioU3MSfwLF/+nhHUisdz:ozoZDGKYw9goWyFGBU7z

    Score
    3/10
    • Target

      $TEMP/ulicense.rtf

    • Size

      80KB

    • MD5

      8c7f512cdb1b21e01ce120a0b2806c53

    • SHA1

      f1cecc74193bb17dd59a1fea492b9144809c2445

    • SHA256

      a4ecc43c48d029afa62afbac5923fc2d1b5a031190cf97f0e6953684e0f9a9f1

    • SHA512

      12a673d2ea3910460132e016eb8fc21022c7134430a8c775e288df41f9fda029a97f0223892f62f62c40fcdff41d013828aba8c551f43ca97a37aef57b8bca06

    • SSDEEP

      768:0eejrI4LvyVoaXMDe4MhxR+RpR+JWxR4zhc7AOB4BjLW5qojflMeI/Z3VRVx9BUZ:0hApce0Fy8Qo+6+Wp

    Score
    4/10
    • Target

      AmandaRoseTheGameOfTime.exe

    • Size

      1.7MB

    • MD5

      0e27cd83f10b8bb1ced4650f6d35dfeb

    • SHA1

      ee2e4dbb009a610d79a54b6e86a41a444d1df34c

    • SHA256

      60950d49257fa8e0135da985a36e46f098b176847f55c8df7b1eb9b4d73a2d8a

    • SHA512

      77186b85588b15a9caa3c80250f5111e6db0d40d60f9ce2bd2e486aa5acb2bcd524672e250048e4dba047d9767c6467a7e044af75c56b086ea926ce57f7c91cb

    • SSDEEP

      24576:Y+INKj8FzulA2/B2Km9iGpwpicGzr3F2/7MkOeB5sNFSsL5VaVo+X43K/pjLxVWG:Y+IYj0uRfm9voinFo9Ok5idqLwst

    • Checks computer location settings

      Looks up the country code configured in the registry (the current user's Geo\Nation value under Control Panel\International), likely a geofence; the same lookup is also ordinary locale detection in installers, so judge it together with the other signatures.

    • UPX packed file

      Detects executables packed with UPX or a modified UPX (open-source packer). Packing is not by itself malicious; it does mean the static results describe the unpacker stub rather than the real code.

    • Checks whether UAC is enabled

      Reads the UAC policy state (the EnableLUA value under the System policies key), typically to decide whether an elevation prompt is needed; low severity on its own.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. The trigger is write access to the raw physical disk, so confirm from the file events that sector 0 was actually overwritten before treating this as bootkit persistence.
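To show what the three registry and disk signatures above key on, and which of them deserves follow-up, here is an added example (not part of the report and not Triage's rule code) that evaluates a small rule set over a constructed sandbox event trace. The event shape, the trigger paths (Geo\Nation, EnableLUA, the raw PhysicalDrive device) and the verdict wording are this example's assumptions about how such signatures work, not the sandbox's actual logic.

```python
"""Added example (not from the report or from tria.ge): a small rule set that
re-derives the registry/disk signatures listed above from a stream of sandbox
events. The event shape, trigger paths and verdict text are this example's
own assumptions, not Triage's rule logic."""
import re

# Registry value holding the configured country (GeoID) for the current user.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
# UAC policy value; 0 means UAC is disabled.
UAC_KEY = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)
# Raw physical-disk device names; sector 0 of these is the MBR.
RAW_DISK = re.compile(
    r"^(\\\\\.\\|\\\?\?\\)PhysicalDrive\d+$|^\\Device\\Harddisk\d+\\DR\d+$", re.I)

# Constructed event trace (not taken from the report). Fields: pid, api, path,
# access, and for writes the file offset and length.
SAMPLE_EVENTS = [
    {"pid": 4120, "api": "RegQueryValueExW", "access": "read",
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "api": "RegQueryValueExW", "access": "read",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"pid": 4120, "api": "NtCreateFile", "access": "write", "path": r"\??\PhysicalDrive0"},
    {"pid": 4120, "api": "NtWriteFile", "access": "write", "path": r"\??\PhysicalDrive0",
     "offset": 0, "length": 512},
    # a second process only reads the disk (e.g. a serial-number lookup): must not fire
    {"pid": 4132, "api": "NtCreateFile", "access": "read", "path": r"\??\PhysicalDrive0"},
]


def match_signatures(events):
    """Return {signature: set(pids)} for every event that trips a rule."""
    hits = {"checks_location": set(), "checks_uac": set(),
            "raw_disk_write_handle": set(), "mbr_sector_write": set()}
    for ev in events:
        path, api, pid = ev["path"], ev["api"], ev["pid"]
        if api.startswith("RegQueryValue") and GEO_KEY.search(path):
            hits["checks_location"].add(pid)
        elif api.startswith("RegQueryValue") and UAC_KEY.search(path):
            hits["checks_uac"].add(pid)
        elif RAW_DISK.match(path) and ev["access"] == "write":
            if api == "NtCreateFile":
                # handle opened for writing: this alone is what an MBR signature can see
                hits["raw_disk_write_handle"].add(pid)
            elif api == "NtWriteFile" and ev.get("offset", -1) == 0 and ev.get("length", 0) >= 512:
                # an actual write covering sector 0: the confirmation a reviewer needs
                hits["mbr_sector_write"].add(pid)
    return hits


def assess(hits):
    """Turn hits into the follow-up a reviewer would want, most severe first."""
    notes = []
    if hits["mbr_sector_write"]:
        notes.append("sector 0 overwritten: bootkit-style persistence, dump and diff the MBR")
    elif hits["raw_disk_write_handle"]:
        notes.append("raw disk opened for writing but no sector-0 write seen: "
                     "check what was written before calling it a bootkit")
    if hits["checks_location"]:
        notes.append("country lookup: possible geofence, also common locale detection in installers")
    if hits["checks_uac"]:
        notes.append("UAC state read: low severity on its own, typical installer elevation logic")
    return notes


if __name__ == "__main__":
    for line in assess(match_signatures(SAMPLE_EVENTS)):
        print(line)
```

The split between `raw_disk_write_handle` and `mbr_sector_write` is the point: a signature named "Writes to the MBR" can only fire on what the sandbox observed, and the observation that separates a bootkit from a licensing or disk-identification routine is the write at offset 0, which is what to look for in the full event list.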

    • Target

      AmandaRoseTheGameOfTime.wrp.exe

    • Size

      2.9MB

    • MD5

      486fe244dc62a1412df271037b5f1018

    • SHA1

      731ffb5dcd606c1ec2769a9f61a679d5d5a77854

    • SHA256

      cacfca33d29e36c210e6fc3712dd8a51319c6c35b8af1685728a5c05bd16456a

    • SHA512

      7812d4b6046e36ab24e1f6fb07b281907aad17f25b150a606f3b88b46b542f4e972b0906421b05da2fc907becfc73fc8b60f6aeeae8b00843b84cedbbae5cd81

    • SSDEEP

      49152:3HHpBxlljzWzclWpo13hmcd73KsXFRWqt1kNfwUi9dnK+ZVKrjFu4XfPh/cZJqhU:3HHnxv0QmUbKsjWFfwnKrjFu+eZ8na

    Score
    3/10
    • Target

      SDL.dll

    • Size

      224KB

    • MD5

      5eb7049ad2a0f79300f94ec25488878a

    • SHA1

      a68ebb2009790ccf3deaebe8db9664a36a48f94a

    • SHA256

      af0614b86d4ba1b18da1da3eb611fd9f819d43a1108cbbe5df0e902216852523

    • SHA512

      7269885a74a7918bc6c2a46231244ec96fd5e401be9090e02706b80b1d27c90f6ca5c33b6f61ad25e1ba35a53d3966958c783da214c1e5bb426cc57d06091a7f

    • SSDEEP

      6144:hjnKK2rrrrrrwDqrqKDWnF3I/NwqcvIeGgXl:5nKK2rrrrrrwDqrqKKF3Ix/

    Score
    3/10
    • Target

      SDL_image.dll

    • Size

      44KB

    • MD5

      c87ad94c19c84fc2db772a4ea986b76d

    • SHA1

      6b66ee0ff7c83de9df7b6e7895b2912f241f6dc3

    • SHA256

      01e61b89920f2dd7203cccb976b90d3e66c5cf4833596c028ed6dd2eac83272f

    • SHA512

      b354765fb210da86f14ecba9aed6ea4985fa8d9f4e1325904aa17b58ca121ebb3caab272319bc7963790ea1c969c99dafbbc7d67807bfa87d0878363b48b417b

    • SSDEEP

      192:qpNL3cb8A82oY8JKuuhhWew3+f8IB3DbqKmnNwbtXVVdMu8+k1FwXOIVVkJK4qIn:qpNWWxKucQxDgqR+ksO4Hx5qeJCIB98

    Score
    3/10
    • Target

      bass.dll

    • Size

      98KB

    • MD5

      b2f3a33416a83666a59470539e9d3701

    • SHA1

      6741ba00b64584d7b61087c429f3eaf0eedc7e8c

    • SHA256

      5ce72179b327b79af31a1824430ab6f86e3a6ed46d858e0a799b6b65999d5e0e

    • SHA512

      c4bd39971fc024fc12971eeae6ecf6baf49e4e7df17bc8fc94079a64356863fa910e84c969ac63d1ffca6a735708fc51767dfbced7e7d259789d84aa484176d0

    • SSDEEP

      1536:W6+TMybo4UnOxNIXZAN3RB2wIrMCaw5uEc72XgAo/9GsuQ7unc:UQycvO8J0RMwtmuEc7MYuc

    Score
    3/10
    • Target

      htmlayout.dll

    • Size

      681KB

    • MD5

      cffe21f7cfe677eec54b8d8020ef0690

    • SHA1

      580b995f8d370d25cbfeb5dc633f6eec68e7cafb

    • SHA256

      9cf74cd193f4fb530c530d4f9feff9ec81a24a5c5922998101657128de771b0c

    • SHA512

      a74bd3b8ad64ea6bd56aafcc71eac85f47ea164b025e8f700177f53a9d37ad2ce718dd265c93e525ef6bff06d7ac39e4e2a8337a55ca668a665313eb1ae01dd2

    • SSDEEP

      12288:gLugumxc7DzzM1POf+8WmysE5SgQ11D3XVUuK8bFe+airYt/IOsyuW+dvL:gKge7PJf+8Fys6Q11D3XVULm4+aisSOc

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX or a modified UPX (open-source packer). For a packed DLL this means the static scan sees the unpacker stub, not the code inside; packing by itself is not evidence of malicious intent.
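The "UPX packed file" signature on this and the other targets is a static heuristic, and a reviewer will want to know how robust it is against the "modified UPX" case the description mentions. The following added example (not code from the report or from tria.ge, and not the sandbox's actual rule) implements the three cheap checks such a signature can rest on, section names, the `UPX!` header marker and section entropy, over minimal PE images constructed in the script itself. The builder, the thresholds and the test images are this example's own.

```python
"""Added example (not code from the report or from tria.ge): the cheap static
checks behind a "UPX packed file" style signature, run on minimal PE images
constructed here. Heuristics and thresholds are this example's own."""
import math
import random
import struct


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, close to 8.0 for compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "raw": pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""})
    return sections


def upx_indicators(pe):
    """Return the set of heuristics that fire for this image."""
    secs = parse_sections(pe)
    hits = set()
    if any(s["name"].upper().startswith("UPX") for s in secs):
        hits.add("upx_section_names")        # stock UPX names: UPX0, UPX1, ...
    if b"UPX!" in pe:
        hits.add("upx_magic")                # l_info magic left by stock UPX
    # stock UPX layout: first section has no data on disk but a large virtual
    # size, because the unpacked image is written there at run time
    if secs and not secs[0]["raw"] and secs[0]["vsize"] >= 0x1000:
        hits.add("empty_first_section")
    if any(len(s["raw"]) >= 256 and shannon_entropy(s["raw"]) > 7.0 for s in secs):
        hits.add("high_entropy_section")     # compressed payload
    return hits


def build_pe(sections, header_tail=b""):
    """Minimal PE32 builder for test images: DOS header, COFF header, a zeroed
    0xE0-byte optional header, section table, then raw data 0x200-aligned.
    sections: [(name, raw_bytes, virtual_size), ...]"""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    hdr_len = e_lfanew + 4 + len(coff) + opt_size + 40 * len(sections) + len(header_tail)
    first_raw = raw_ptr = (hdr_len + 0x1FF) & ~0x1FF
    va, table, blobs = 0x1000, b"", b""
    for name, raw, vsize in sections:
        padded = raw + b"\0" * (-len(raw) % 0x200)
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1")[:8].ljust(8, b"\0"),
                             vsize, va, len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += padded
        raw_ptr += len(padded)
        va += (max(vsize, len(raw), 1) + 0xFFF) & ~0xFFF
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + header_tail
    return head + b"\0" * (first_raw - len(head)) + blobs


def pseudo_random_bytes(n, seed=1):
    """Deterministic stand-in for compressed data (constructed test input)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed images: stock UPX layout, the same layout with renamed sections
# and no marker ("modified UPX"), and an unpacked image.
PACKED = build_pe([("UPX0", b"", 0x20000), ("UPX1", pseudo_random_bytes(4096), 0x2000),
                   (".rsrc", b"\0" * 512, 0x1000)],
                  header_tail=b"\0" * 4 + b"UPX!" + b"\x0d\x16\x0a\x0c")
RENAMED = build_pe([(".code", b"", 0x20000), (".data", pseudo_random_bytes(4096, seed=2), 0x2000)])
PLAIN = build_pe([(".text", b"\x55\x8b\xec" + b"\x90" * 1000 + b"\xc3", 0x1000),
                  (".data", b"A" * 256, 0x1000)])
```

The renamed image shows why a name-only rule is weak and why the description says "UPX/modified UPX": stripping the `UPX0`/`UPX1` names and the `UPX!` marker leaves the empty-first-section layout and the high-entropy payload intact, and those still fire. The same three checks applied to `htmlayout.dll`, `wrapper.dll` and `AmandaRoseTheGameOfTime.exe` would tell you which of them stock `upx -d` can unpack before you spend time on a manual dump.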

    • Target

      ir50_32.dll

    • Size

      737KB

    • MD5

      b1fec99ac0a1eb598254c23bdcf18d4d

    • SHA1

      451c50f4befb0db549f63b717e5247d97f279816

    • SHA256

      d6e4d3d1752141aaf04ddd20c41a037873602ee03a7b976d113595274ef08bec

    • SHA512

      b907607310d882d7941637768f8056bfe6c0371681f47189e39286ad037d48a84dcc0cc123e9e95ddbde641366671a54ab933a35dd5049563ce0e801ccd5e5fa

    • SSDEEP

      12288:/vQgCemKE+7CSnIQwPW0djVHr550Os50OstAqafeqFE1hFE1hRwRy+0rWwLcs6YT:5E+7C7QwPWoRHr550Os50OstAqafeqFT

    Score
    3/10
    • Target

      jpeg.dll

    • Size

      165KB

    • MD5

      b3572ac8d50604ca0e0328dfa09a3d69

    • SHA1

      623993425015498fd74dfbcf638654d4f72bd151

    • SHA256

      ac3f25027c9725fb6c6a4d54b3764b08cd99928a395b1cfe8682bb447b3790be

    • SHA512

      a17b010d7ee7b9e3461fde72219904187a3ef18cfabe459ee7e325dd336293b55069840737f3ce25ea390cc172cefb68fb85865e2fc7ed7b03a70e2d3161354c

    • SSDEEP

      3072:ysJGuNqNX8pNhsgL5hYA/caYIq/WF1lWbos4DMq88mfU:pGuNqNX6dZcF/WF1lU14DMSmc

    Score
    3/10
    • Target

      libpng1.dll

    • Size

      92KB

    • MD5

      f6c58292d11cabfc379c957f34e5eb84

    • SHA1

      2632abd190407cfa9c304469c78e4565417d05ef

    • SHA256

      3f10e96d56d45e5c62d5b1fa12182503e8c1f59b6a0018dbb4dcea3df208811f

    • SHA512

      789d8bfac5f5e329b7afda5424e8f201f2d02669f3d1191422d27f7c9acae0c48108348570dc0e5a8fd6fa4eb9606ec4158099e9d7111b11d15cea59c299d2ea

    • SSDEEP

      1536:voIx2Vq2jEaTvE4lGP7l7oeeiNES2zMTkYjH+:voxNTPlGP7l0eeiNERII8H+

    Score
    3/10
    • Target

      wrapper.dll

    • Size

      655KB

    • MD5

      e1656d25f53820e291e60093f8e8bc41

    • SHA1

      1407ef55c30de78b3b5f3e4a0042281ae9d55831

    • SHA256

      367fda11631296caef0acad26cfed7d0934475eacb8349c1c209a575bf547cb8

    • SHA512

      5407d8605a1405759f824e10bd748671d057eb477b8feed5772e62fa55f67df10ed643a7a7f90562db3782461291b61b452d679453888d065e0c8bafb8791e7f

    • SSDEEP

      12288:3lTILolEZuvuVJBK9ONOkx2PAUv0vWPdcef6WKqC1bBTzBS0ncQ:3lTI9nhOkUIM0qNf6WKNJB1cQ

    • UPX packed file

      Detects executables packed with UPX or a modified UPX (open-source packer); the static results for this DLL describe the unpacker stub, not the code inside.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. The trigger is write access to the raw physical disk; check the file events for an actual write at sector 0 before treating it as bootkit persistence.

    • Target

      zlib.dll

    • Size

      52KB

    • MD5

      c88a6474424b1bf960e7ebb4b28d0ed0

    • SHA1

      1405881be65153a661feab43115532f7ec80c077

    • SHA256

      0df0c22bf411ad670d7b8fe5a533e4831313d5a3118cf9216389c642c90ec2f9

    • SHA512

      a4c273f474cf15b86dc038a2bfceb28ee17178de20aa5c17378b15e92159cf70c29549d4e7254ae351d45054e4d15c3b87e5808fad9899f9417864fcb6f14d78

    • SSDEEP

      768:tRagNniRy7pA2cp+k8AVfgibjlR1L+zwWMyK3yEXuLiOxPs6:tR6RmpITVfgin1iz91jCb3

    Score
    3/10
    • Target

      zlib1.dll

    • Size

      69KB

    • MD5

      f5b8b7054675d6aaf4ce3e727395f402

    • SHA1

      3045634965ca1b0d5f31a863ab1c34405f20ec03

    • SHA256

      87ba7862b61b0ee592fb967d38dfd7636d361199788ab8557344251006a134b1

    • SHA512

      b19efcdc5decf4643f6abc4d5da7a505affd083abd496f7e860e5cfceb32a99f17a2f62cfd08686140453db0cc56cb24d1d5ef88bf6f37dd021216b8c0944b3e

    • SSDEEP

      1536:1nToIfXVguoBaNn4iQyqVInsCyIOsb3IO0MCVralp+Cv:dTBfXVZosLQyeQLQs18VralpBv

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

The 7/10 scores come from the static scan, which carries packer tags only, and from the behavioural runs tagged upx and bootkit; every other run scored between 1 and 4 with discovery-class behaviour only.

Task           Tags                                                   Score
static1        upx, aspackv2                                          7/10
behavioral1    discovery                                              3/10
behavioral2    discovery                                              3/10
behavioral3    discovery                                              3/10
behavioral4    discovery                                              3/10
behavioral5    discovery                                              3/10
behavioral6    discovery                                              3/10
behavioral7    discovery                                              4/10
behavioral8    (none)                                                 1/10
behavioral9    bootkit, discovery, evasion, persistence, trojan, upx  7/10
behavioral10   discovery, evasion, trojan, upx                        7/10
behavioral11   discovery                                              3/10
behavioral12   discovery                                              3/10
behavioral13   discovery                                              3/10
behavioral14   discovery                                              3/10
behavioral15   discovery                                              3/10
behavioral16   discovery                                              3/10
behavioral17   discovery                                              3/10
behavioral18   discovery                                              3/10
behavioral19   discovery, upx                                         7/10
behavioral20   discovery, upx                                         7/10
behavioral21   discovery                                              3/10
behavioral22   discovery                                              3/10
behavioral23   discovery                                              3/10
behavioral24   discovery                                              3/10
behavioral25   discovery                                              3/10
behavioral26   discovery                                              3/10
behavioral27   bootkit, discovery, persistence, upx                   7/10
behavioral28   discovery, upx                                         7/10
behavioral29   discovery                                              3/10
behavioral30   discovery                                              3/10
behavioral31   discovery                                              3/10
behavioral32   discovery                                              3/10