Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    xd-AntiSpy_modern.zip

  • Size

    375KB

  • Sample

    240812-h3bmtaveka

  • MD5

    238159933f95443b3d1e14424f6008bf

  • SHA1

    8ff807098acd58f508ae8ad620c8b41a89273a08

  • SHA256

    39f5adab7ad13d1bad081cf971e0ed53c8d8ccc4b902dff4be73e4b7902eaad8

  • SHA512

    8139fdb180b27a2790b794afb1cfb3013121316981ee4df7a2fd01c7d393d4891b5d236677e4b6e58a6efcbba8f7b5f698c741b333a2a27fea231b69662b7e8c

  • SSDEEP

    6144:TsfwVUrEJxyE5tgdKhqFjuIpuFoYmyFRozXMbgGKAkaPI5siTL6UUR1Px:TsfLrE3y4gdKcgOuAzXMpjkag5DTL6UQ

Malware Config

Targets

    • Target

      xd-AntiSpy_modern.zip

    • Size

      375KB

    • MD5

      238159933f95443b3d1e14424f6008bf

    • SHA1

      8ff807098acd58f508ae8ad620c8b41a89273a08

    • SHA256

      39f5adab7ad13d1bad081cf971e0ed53c8d8ccc4b902dff4be73e4b7902eaad8

    • SHA512

      8139fdb180b27a2790b794afb1cfb3013121316981ee4df7a2fd01c7d393d4891b5d236677e4b6e58a6efcbba8f7b5f698c741b333a2a27fea231b69662b7e8c

    • SSDEEP

      6144:TsfwVUrEJxyE5tgdKhqFjuIpuFoYmyFRozXMbgGKAkaPI5siTL6UUR1Px:TsfLrE3y4gdKcgOuAzXMpjkag5DTL6UQ

    • Score

      1/10

    • Target

      LocalizationLibrary.dll

    • Size

      40KB

    • MD5

      355ef275485c7257431b697da7b5aa92

    • SHA1

      4025920bfc33a9f1405245e1cc6312064ac3d8b5

    • SHA256

      ad2ed7a52140d72aebd27366b1966850aa2bbe1064ebd99b5141d339d9868fb6

    • SHA512

      e07c421b6134d491039cb6498e11dd0d99d54e35eb6acbf83a6f1b02e44c14a0bc1d824a0cf113a722fbe853a9e4d8d38887ff9f17e7f5665eaaaf2fabcd2da4

    • SSDEEP

      768:QI1iBHfJA9eGNhnapBa437FC9yLHQ8146l+UxLglce/AzzYWl56IlNA5Iw0WMdu:QIwNf4x+l7FC9yLHQK46l+U+ce/AzzYa

    • Score

      1/10

    • Target

      Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    • Score

      1/10

    • Target

      PluginInterface.dll

    • Size

      4KB

    • MD5

      fbc4671df9ded845b971d3f042b259d6

    • SHA1

      043d7d1afe25f1a5efac30e03629270ea9ccbe9c

    • SHA256

      401da4bcbfc4c31613811e2071886132d876a9375efbaccf887c9305f658a9d6

    • SHA512

      039e2bd2d5a63f7800133e03fa3d87e319cf6e2396baa1ec466337e39b3bc4422b49f43c7790a2071fdd721e0c0b0a1658a9686e3e16d1632ed56e0faea72a16

    • Score

      1/10

    • Target

      lang.json

    • Size

      29B

    • MD5

      eec56a51c3361aa5a66de24d3bd23bc9

    • SHA1

      340c384aff6cfd8c6b4ca52f9a2cdd0b955fb140

    • SHA256

      a7428556e50caf3314b6c80e051bb61c5831ee900b0bcca749ab05e35469a0d5

    • SHA512

      6f88724220944b4cd253458f65aeab02236368ac8ca073e83e957769e9e38cdb9f29516c660c648690e4593e0793b55833444ee27ed239f02ad71c7d856a5931

    • Score

      3/10

    • Target

      plugins/Clear Icon Cache.json

    • Size

      581B

    • MD5

      5bd80bd19f9d82495feb01faacb6681c

    • SHA1

      de2d7151f87f8b47c12fe7560c4732674cc3b325

    • SHA256

      dbc5d6058f3293d34ddf8bec1279af343ebf66670e89cf8e02a512f2807e028c

    • SHA512

      beaea631337102c96ef3038e5f1c2e2a475c37779ba4ceb26e8b6a1d83230d26ef15fef9e2c0315ce550a097c9788a060a2528aaa65568d73c9dfffaeceb998d

    • Score

      3/10

    • Target

      plugins/File Extensions Visibility.json

    • Size

      1KB

    • MD5

      f9c31fa55ce41a828ee749798575e55a

    • SHA1

      9eed519bc244c964af105ee4902dbe060e605c85

    • SHA256

      6e5dafec7faf6c5fc7b71c2b4562f554f5c28a4a6cde0660ad9734702f2fec74

    • SHA512

      353de1f949afbd854a752d3f3d0cd1c1f82957144942abafe0a4a25816d48cd67671e65104eac8a4cc666502d4033a4dcf9de74ff956b834abb4202236ee3444

    • Score

      3/10

    • Target

      plugins/PluginButler.dll

    • Size

      18KB

    • MD5

      e74b70ff8ad8da5d065b3bcf8018d732

    • SHA1

      4ca18f0603a1218239a1012bed88621c7c63a777

    • SHA256

      9a223a0d405554bc4681ce90ee4f46adeca35f111c329090f08e699e27f6d2a0

    • SHA512

      f4a9e97c3d07fb7ea7b8cb08d82163028ff74856e39e07ad13ff918fe57a1868959e3bc715e8b7cc093f6a490349fc51aab191d251fdcc8f9133d17ac7d06fbd

    • SSDEEP

      384:W0qJI+gB9yhuUaeG53rn5WLp6qXG05P8Btq55fVg+1c+zVhu:W8+gHL3rn26qXfzlT1c4W

    • Score

      1/10

    • Target

      plugins/PluginButler.json

    • Size

      9KB

    • MD5

      69ebcba399c089ffd048f060990f54f6

    • SHA1

      b22184acbdd762f60210116394f9d5f8ff7c485a

    • SHA256

      38d87890fd5325e79f16f4ebcdc291b7e805d2ba0fc6f2c05668fae165dbbf3a

    • SHA512

      a69aebbb32a5d46f26e8c0a1877e16841e70a94437a80abb17ba599eb67a970d2e8d6fb87ce4dbc827df06fa4f3f2a0134db1f3724941dceffee4f68b078277b

    • SSDEEP

      192:BMN1eR742py6sb64p2mbW6Cc9WcRoCadeXrMh+xZy0:+TeRc2pydu4p2mbv9WMotdeXrMUxZy0

    • Score

      3/10

    • Target

      plugins/PluginDebloater.dll

    • Size

      23KB

    • MD5

      f2b47bb1c2abc73dd3d442d405a3f992

    • SHA1

      fde43b7b439cb15ad7455abbf32e3fab3cf6dbc3

    • SHA256

      5b96eb56a71a9f0eab0185b25a92999c6dcca62071e1cecb75d0d95279e1b0b2

    • SHA512

      25fbf1509c8d17529137ac038b783c4fca91046f39bdad8dda05126d2252e728949746bce56f1e85012e6ef3a6a0d3ebb50d8eb90180098ab5210b4b3b2e31a1

    • SSDEEP

      384:LXfyB5XsSqEbVP0jtRmWbf5sNgcPNg+lluEaPJJgtQqa5GXfefi/VC7J:LvyJkXBs6cPy0itqnefwA

    • Score

      1/10

    • Target

      plugins/PluginDebloater.json

    • Size

      18KB

    • MD5

      0bb801fb7dd92875f4423fcde37581fb

    • SHA1

      23b75784b774ae4c42984ae267a31882d3d5eda5

    • SHA256

      7a293003041a674f10288f95807f06b12cb5905cfcc4754841152dc8b099dd68

    • SHA512

      f1443c71a5ef6893bc3ccaf2735de82cd275eef48d14d477d5ccd6bdb5526c25ff522244e23ce084898301ba607aa35b00da03a7f8ed85e83c29f0b7f6651a01

    • SSDEEP

      384:HHoHk8HMGpKrREKIbZjnOChhLJk6KuNW2:HHor75r/

    • Score

      3/10

    • Target

      plugins/Restart Explorer.ps1

    • Size

      497B

    • MD5

      2ebc3b277b6b0038b48f557507372a08

    • SHA1

      debaa00dbfa123ddf1d1d4d004250777f067d12b

    • SHA256

      ce31d19e4b3c0a707053dc081e109a465487f57b5180fb470be9ef75f391095d

    • SHA512

      45f79f41f42ad1901af650bdcb8237f494c8dda759efd21fe2f5d3591cd0b7e10e8f518c62c1b8b9dea4f1b4fc8907bc83446f53a1f72b1adce53f68709e2c5c

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      plugins/Snap Assist Flyout.json

    • Size

      640B

    • MD5

      5e417c798cdb4da02dd1757f10677a14

    • SHA1

      af8b4b8538087da29c51b4d7f04a69284b19f729

    • SHA256

      07be898189534f434af1b23fbbd7d19f8197b11399b9c55780f2b11cb1ebf159

    • SHA512

      a7608abb5dec67faec30800ff097dc46266d30d62ffb12fb624f33f02af5f3ba74c2606c4d3d96c6dac31fe67cb7493c5fe328d4711a217a47deeeee7a32fe42

    • Score

      3/10

    • Target

      plugins/Uninstall OneDrive.ps1

    • Size

      2KB

    • MD5

      d3228595fe69c9f115e84592c6a70e48

    • SHA1

      6795f195012476b278b1dee2766d8e62df96d0a7

    • SHA256

      945f7e685db6fc568cc8eb114b4d54dd7d1d5feb0879c84fe3f82ed786ae3b8d

    • SHA512

      5fae9274601b7bbfd8d3ec2ecba984e59dbfd20a8c31d5bd3bf8f32de9c004916ecea6328db2b1dfb5e2fc9737dbdf769104afe2c8f7476d695dd3b1d3827554

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Modifies system executable filetype association

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      plugins/Use light theme.json

    • Size

      1022B

    • MD5

      636f8fbb6fc0f942ab31666dccc5d499

    • SHA1

      efe538b6b2ea32d0ed4b944400be86319901f47e

    • SHA256

      102a076a0446290c6e454033c47165891f7942b7de9690517f5bf0ceb443a6eb

    • SHA512

      468ae61e94c106d8ddfa11da1b25b5177ec5665b20b39ed5272da72c6726e868c34426c21d11767de7b277b56863564e3ae5c997beb6be803c98e6af45f089d7

    • Score

      3/10

    • Target

      plugins/User Account Control.json

    • Size

      1KB

    • MD5

      a178eda0a77068ea7770b4c7bcc8797f

    • SHA1

      1ece27ae47884dd7faa27ec80140dc9dc9c25be8

    • SHA256

      b516eda092b3420e3e0a8ba73cf96573cf947c22b39dba8a4672948d74e7f929

    • SHA512

      7bd0b527fdbc07fa2be37679b06c0422ea07ff2bb54ab5020dafcb09bc96a55597001f9f8b21dc71ba8994420fd8f2b008830aab276b4e259e48d1bf5b66fa05

    • Score

      3/10

    • Target

      xd-AntiSpy.exe

    • Size

      133KB

    • MD5

      1ed33278dba878502386ca4e535dd305

    • SHA1

      5810cb649c295c89fceb953fc36bca5b236b809e

    • SHA256

      648665b2b8d37614e8997c43ebe18e4026e976ef8d08a716f7c4388b567e09fe

    • SHA512

      c3f7880d261b6be9fcc60438408005d5b843228f4282a61de9f06d246e806e5e672e2117db27a8882e33144a85a1ef18c2f3f744088172f216544aa682767595

    • SSDEEP

      3072:hrCNOoWvDsNE476Q5ndZDDVq2j96+c4h+AK2LUsR8s6xRVehEA4ucyH9FViOG1JL:D0+AK2LUsR8s6xRVehEDbAbZIl/i

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      xd-AntiSpy.png

    • Size

      31KB

    • MD5

      d2a0f93e1dcf29d9ad11433a6538dcae

    • SHA1

      ad1f6d104a49fa490cc1a1303c19cbbfea4b7411

    • SHA256

      e1009fb19bc8a891aa1989dd59bfa6c265b66cfa58d9083ff6e2b15d9af32f48

    • SHA512

      e4f62f78c2a59ce7c03e3e93b18f65e8ac081876548636c9d387733fab16a9714179efed723c2b7817c1453ddb8edd2ca8a1f6c039b23d7dc2df06718f6cc50f

    • SSDEEP

      768:J9L8aPIEsFGbjnwsiQufajx0yMvR14hqjsd:TLFsAnzufWqR14qm

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks