Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

avg_secure...up.exe

windows7-x64

8

avg_secure...up.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/Midex.dll

windows7-x64

6

$PLUGINSDIR/Midex.dll

windows10-2004-x64

6

$PLUGINSDIR/jsis.dll

windows7-x64

3

$PLUGINSDIR/jsis.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

3

$PLUGINSDI...ON.dll

windows10-2004-x64

3

$_106_.dll

windows7-x64

1

$_106_.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    avg_secure_browser_setup.exe

  • Size

    5.8MB

  • Sample

    240806-tx31natfjn

  • MD5

    307f6d07dffc9c83b9af06a266225959

  • SHA1

    28f5891349c98de90d07d10da8293e3a719aaabb

  • SHA256

    fa8064a6eca9a30e4525c9135d7ffb45a5d25dda297fa10f0e91bb721ea529f9

  • SHA512

    d68162b2965324e10c14fbc809932e675653562225da411e95972491f3300ea63f031822b6d21aff99e3ef90fa46a626140c3c411c9a35bfc23a849b3a5b8ae6

  • SSDEEP

    98304:tALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDt:tAzPzgUZrt54Yj20Fk8oLEBSZRfUGT6E

Score
8/10
bootkitdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      avg_secure_browser_setup.exe

    • Size

      5.8MB

    • MD5

      307f6d07dffc9c83b9af06a266225959

    • SHA1

      28f5891349c98de90d07d10da8293e3a719aaabb

    • SHA256

      fa8064a6eca9a30e4525c9135d7ffb45a5d25dda297fa10f0e91bb721ea529f9

    • SHA512

      d68162b2965324e10c14fbc809932e675653562225da411e95972491f3300ea63f031822b6d21aff99e3ef90fa46a626140c3c411c9a35bfc23a849b3a5b8ae6

    • SSDEEP

      98304:tALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDt:tAzPzgUZrt54Yj20Fk8oLEBSZRfUGT6E

    Score
    8/10
    bootkitdiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/JsisPlugins.dll

    • Size

      2.1MB

    • MD5

      d21ae3f86fc69c1580175b7177484fa7

    • SHA1

      2ed2c1f5c92ff6daa5ea785a44a6085a105ae822

    • SHA256

      a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450

    • SHA512

      eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f

    • SSDEEP

      49152:rWUF3+DvlxaVlUj2UxF9TWkWbQWxACvRG+OZ1m/I31he2UaIyuK:rtF3+DLaVlUFWkWbQWx1JtOLm/IgaI

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/Midex.dll

    • Size

      126KB

    • MD5

      2597a829e06eb9616af49fcd8052b8bd

    • SHA1

      871801aba3a75f95b10701f31303de705cb0bc5a

    • SHA256

      7359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87

    • SHA512

      8e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35

    • SSDEEP

      3072:sACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGk:sACUTz1JlopG5K4OZgeC

    Score
    6/10
    bootkitdiscoverypersistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/jsis.dll

    • Size

      127KB

    • MD5

      2027121c3cdeb1a1f8a5f539d1fe2e28

    • SHA1

      bcf79f49f8fc4c6049f33748ded21ec3471002c2

    • SHA256

      1dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1

    • SHA512

      5b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c

    • SSDEEP

      3072:d3Zk9fOAewM0+W8NVH28fB948igEWo8P+fidax:d3qNOApM1G8fBpidWZ2

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/nsJSON.dll

    • Size

      36KB

    • MD5

      f840a9ddd319ee8c3da5190257abde5b

    • SHA1

      3e868939239a5c6ef9acae10e1af721e4f99f24b

    • SHA256

      ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a

    • SHA512

      8e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a

    • SSDEEP

      768:91vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpjYiidWAMxkE6:91bYPHqu7EUhL27bTj7LxO

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $_106_

    • Size

      6.4MB

    • MD5

      f40c5626532c77b9b4a6bb384db48bbe

    • SHA1

      d3124b356f6495288fc7ff1785b1932636ba92d3

    • SHA256

      e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f

    • SHA512

      8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056

    • SSDEEP

      98304:aTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLtwFkVg:aTvkTLVTAudcoJheBnknfFrqNXleb

    Score
    1/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Active Setup

1
T1547.014

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Active Setup

1
T1547.014

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

4
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

6
T1012

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

6
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks