General

  • Target

    npcap-1.72.exe

  • Size

    1.1MB

  • Sample

    240805-xjwafavenm

  • MD5

    cab256acf99dc6e0685c0567ea6ee658

  • SHA1

    08aefa7d9a941ffe7d5c29d6b65d115109b5e2b7

  • SHA256

    b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1

  • SHA512

    7f2147cd7d2e0e044e4e46c26df015decc4ae4c51d8500e91f1155cfe91e58c38d5f9a10710e6c70ba7ab590a4828e344ac32f28ecefaf9557429caac626af9b

  • SSDEEP

    24576:uZHcNHqqSX6AQzHlPnK7N1F7nJRFoK7EjvEYwa2MVZcXxZzHN9zqn4:aTUHlPK7rFj3qK7a2MV43O

Score
8/10

Malware Config

Targets

    • Target

      npcap-1.72.exe

    • Size

      1.1MB

    • MD5

      cab256acf99dc6e0685c0567ea6ee658

    • SHA1

      08aefa7d9a941ffe7d5c29d6b65d115109b5e2b7

    • SHA256

      b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1

    • SHA512

      7f2147cd7d2e0e044e4e46c26df015decc4ae4c51d8500e91f1155cfe91e58c38d5f9a10710e6c70ba7ab590a4828e344ac32f28ecefaf9557429caac626af9b

    • SSDEEP

      24576:uZHcNHqqSX6AQzHlPnK7N1F7nJRFoK7EjvEYwa2MVZcXxZzHN9zqn4:aTUHlPK7rFj3qK7a2MV43O

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      22KB

    • MD5

      170c17ac80215d0a377b42557252ae10

    • SHA1

      4cbab6cc189d02170dd3ba7c25aa492031679411

    • SHA256

      61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

    • SHA512

      0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

    • SSDEEP

      384:E0C43tPegZ3eBaRwCPOYY7nNYXCA/YosaWqZmZsHLA+KhHgt:EBTgZ3eBTCmrnNAEQ1hKhHgt

    Score
    3/10
    • Target

      $PLUGINSDIR/NPFInstall.exe

    • Size

      252KB

    • MD5

      2400a7e797e848b767848a1d1abdce9a

    • SHA1

      48c5b4818bf1a349046f2066f2ace922ba7f73a8

    • SHA256

      dd72fbc54a219d3a157001ff0cb55016296062f0505801529c243feecdebb879

    • SHA512

      980c431685d89161fd6f8f6c459dd2f41ee79ecbb0ea48e5c29aea9763154d5685b51f9d041b2482b9636891bc1c6d6a1afffedb92364b6b09212d31a190d45d

    • SSDEEP

      3072:beAvCRFO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sfG:bTCe+bM3MEU0Tjcb9rNyh/NGv

    Score
    4/10
    • Target

      $PLUGINSDIR/SysRestore.dll

    • Size

      12KB

    • MD5

      d1a3f71186e20741b2bb0cc33ca79609

    • SHA1

      b04761c0b7bc46e864a776514e4476eb372ef73c

    • SHA256

      49b0450567c281494620193d0f3598bad8a474ae9910fedb161855f09a8ec1f0

    • SHA512

      7eb904e4d2a6d87bccbe3e3f6562e53940195303a8024d2b0dad142a7a546b7a7a9287966e6d696246349008966349b6b56a3ce47978dedf49205bcfeb962b16

    • SSDEEP

      192:Qa8pU6GVdndRqSzNJw7YUXmZscF8Bd1LAeVBZHlA6u/:upZGVdndRqSzNqZmZsHLAOhk

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      19KB

    • MD5

      f020a8d9ede1fb2af3651ad6e0ac9cb1

    • SHA1

      341f9345d669432b2a51d107cbd101e8b82e37b1

    • SHA256

      7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

    • SHA512

      408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

    • SSDEEP

      384:u8+Qlt70Fj/lQRY/9VjjgLmqZmZsHLAMThHdjnG:uSqFjm6YLP17ThHdC

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      14KB

    • MD5

      f9e61a25016dcb49867477c1e71a704e

    • SHA1

      c01dc1fa7475e4812d158d6c00533410c597b5d9

    • SHA256

      274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

    • SHA512

      b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

    • SSDEEP

      192:JDkDr/HA5v6G2IElFernNQZGdHskJw7YUXmZscF8Bd1LOtNBZHld3Mu:aDrvAxnJGernNQZGdHVqZmZsHLOtLhHH

    Score
    3/10
    • Target

      NPFInstall.exe

    • Size

      252KB

    • MD5

      2400a7e797e848b767848a1d1abdce9a

    • SHA1

      48c5b4818bf1a349046f2066f2ace922ba7f73a8

    • SHA256

      dd72fbc54a219d3a157001ff0cb55016296062f0505801529c243feecdebb879

    • SHA512

      980c431685d89161fd6f8f6c459dd2f41ee79ecbb0ea48e5c29aea9763154d5685b51f9d041b2482b9636891bc1c6d6a1afffedb92364b6b09212d31a190d45d

    • SSDEEP

      3072:beAvCRFO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sfG:bTCe+bM3MEU0Tjcb9rNyh/NGv

    Score
    4/10
    • Target

      x64/NPFInstall.exe

    • Size

      301KB

    • MD5

      69a2863281739e40702e40fde07ef72d

    • SHA1

      8cf737fb5845a45445483cb1fae533c5a61da028

    • SHA256

      5c2e569db9c5a978004b8fbf04ed372071ad998d759a12e5aaba470df158889e

    • SHA512

      2315a4aa52f579a3633bd9c61c293b9fa78725d8331deee6ca24db70fb2565f431fc0f7f1ee84881b2e34b778ffc91c45e1b694ae517cdd266b0875e7089f178

    • SSDEEP

      6144:kXsjhljsl2TL5ifT7SywFXe7Awk3VMQvOju:xjLs8H5ifHSBFO7ANF7R

    Score
    4/10

MITRE ATT&CK Enterprise v15