Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Scan_docs#...98.exe

windows10-2004-x64

7

Scan_docs#...98.exe

windows11-21h2-x64

7

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows11-21h2-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows11-21h2-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...rd.bmp

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$SMSTARTUP/32x.exe

windows10-2004-x64

5

$SMSTARTUP/32x.exe

windows11-21h2-x64

5

32x.exe

windows10-2004-x64

5

32x.exe

windows11-21h2-x64

5

uninst.exe.nsis

windows10-2004-x64

3

uninst.exe.nsis

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scan_docs#84768898.exe

  • Size

    5.5MB

  • Sample

    240812-lmj6sszblb

  • MD5

    ce65c8134821032063d54ca07e8a73ae

  • SHA1

    13e5fe6fedb20530b1a82733b35b3bc23e9c7b9a

  • SHA256

    02ec55a5a2ad775adccd333edd94ac0bd82129a233736f7240044e085b73b0b3

  • SHA512

    04e4e45ec86735dba5b9289b887784691e7c6a1d5a912a805c7a8400e10c687a825b97d8c911c715c78d21b8e4551ad3e74b71e1e6df58c2f693c24bd9aa4304

  • SSDEEP

    98304:C1kfl3MhgvWbkjpaKqPtUr0MHa35QvBq7E9ZYBtPsxcZE7sCC9:CufligvWIVJqr1p8Bq49ZetPApsCC

Score
7/10
discovery

Malware Config

Targets

    • Target

      Scan_docs#84768898.exe

    • Size

      5.5MB

    • MD5

      ce65c8134821032063d54ca07e8a73ae

    • SHA1

      13e5fe6fedb20530b1a82733b35b3bc23e9c7b9a

    • SHA256

      02ec55a5a2ad775adccd333edd94ac0bd82129a233736f7240044e085b73b0b3

    • SHA512

      04e4e45ec86735dba5b9289b887784691e7c6a1d5a912a805c7a8400e10c687a825b97d8c911c715c78d21b8e4551ad3e74b71e1e6df58c2f693c24bd9aa4304

    • SSDEEP

      98304:C1kfl3MhgvWbkjpaKqPtUr0MHa35QvBq7E9ZYBtPsxcZE7sCC9:CufligvWIVJqr1p8Bq49ZetPApsCC

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      bf712f32249029466fa86756f5546950

    • SHA1

      75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    • SHA256

      7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    • SHA512

      13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    • SSDEEP

      192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      c7ce0e47c83525983fd2c4c9566b4aad

    • SHA1

      38b7ad7bb32ffae35540fce373b8a671878dc54e

    • SHA256

      6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

    • SHA512

      ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      4ccc4a742d4423f2f0ed744fd9c81f63

    • SHA1

      704f00a1acc327fd879cf75fc90d0b8f927c36bc

    • SHA256

      416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

    • SHA512

      790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

    • SSDEEP

      192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      $SMSTARTUP/32x.exe

    • Size

      6.7MB

    • MD5

      6ab9f278a420ac86fc7ec85647ce99f1

    • SHA1

      6ef604f5ed1ebe6dcafd038d43469bfffbc17b3c

    • SHA256

      4c4872202abb5a60a8764bf44b370578a2b3d6f449b3881e96cc38f1b55f9cda

    • SHA512

      13340197d19548bfa2de73b7465032b3afce1acfe58970c3cdae213bb431eed011c1887fe5a6ee59b8708a10fb59b5a497b3b38da80e5d924fb708027638c640

    • SSDEEP

      98304:3uLShPMHOaWmW+Vo3dxt6+ZMPoqvR7McRyfcUEfE+FzUEd/kHRL0GkDpaOCn4DGb:3cssOaWPKudFZiUZ1uvROFvU/mUPq

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral13behavioral14

    • Target

      32x.exe

    • Size

      6.7MB

    • MD5

      6ab9f278a420ac86fc7ec85647ce99f1

    • SHA1

      6ef604f5ed1ebe6dcafd038d43469bfffbc17b3c

    • SHA256

      4c4872202abb5a60a8764bf44b370578a2b3d6f449b3881e96cc38f1b55f9cda

    • SHA512

      13340197d19548bfa2de73b7465032b3afce1acfe58970c3cdae213bb431eed011c1887fe5a6ee59b8708a10fb59b5a497b3b38da80e5d924fb708027638c640

    • SSDEEP

      98304:3uLShPMHOaWmW+Vo3dxt6+ZMPoqvR7McRyfcUEfE+FzUEd/kHRL0GkDpaOCn4DGb:3cssOaWPKudFZiUZ1uvROFvU/mUPq

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral15behavioral16

    • Target

      uninst.exe.nsis

    • Size

      10KB

    • MD5

      aec326a6b06776939002c8d28cac1448

    • SHA1

      e4cf88b2a059e5672a15f127ec3825095745ab2f

    • SHA256

      77769c5b5213e74e1032b16cf85346b0078bd93046d99aeeaa1184e9b72dbba0

    • SHA512

      5ebeb5f01ef318f7726b1a336ac81d970eb7d98f5a7230a24b417affdfcba780b84bb3c6191aff5114ec1fa177e1b5b3d29bf21d9ae0132c78a5b89f02a73225

    • SSDEEP

      192:QmBCDs7RCKaRSM3bFrKf9okwkq3HVnHhvnp1Hn4emZpjOGMedt/4:QpDsNCKa93JrKukwkcHVnD1HGb/4

    Score
    3/10
    behavioral17behavioral18

MITRE ATT&CK Enterprise v15

Tasks