General

  • Target: PID.Key.Checker.zip
  • Size: 9.8MB
  • Sample: 240819-2xgfnavajp
  • MD5: d9ce6a2a781ad9f9a8af3ba4be5b6a97
  • SHA1: af930244881612133104d8a717242542c739f44a
  • SHA256: 99262ab91de9e9ddcab93e1f3f67cf356cbdb11bff959a05a51abbe1562f2366
  • SHA512: d24ec5d172528585a56f9f9fc609bd31b0d5552bf671ea6fb28a29c61caa9c4cbd94415a80cc4417672cf11425b86d15de03e038ddc5fca832cc707e6e152608
  • SSDEEP: 196608:ZurEAMcmPIaPhnCxylwa+0YAmH+BI5/kIhEHR+IfMlUBcf0+DgagAos0apc8:Zur9MIqqtH++9ex7fMlUY0+7tS8

Score: 7/10

Malware Config

Targets

    • Target: PID Key Checker/AutomaticUpdater.dll
    • Size: 82KB
    • MD5: 2863fe94130e9c2e83198f64d328bb9e
    • SHA1: 5f6427275fb25459ab877182f1d2dd82b6423f11
    • SHA256: 80e08b87c32e5d4090fc3b08657d98f5aaac4c60b275adcc69b026829ccf3b1b
    • SHA512: ef38b2398ca062ea81859aafc5ce752560752627ad76e412b8659f18c0630b15aa03f8824b63a9fb4cdcd74dff5eaee24ea9af26c7401bca5619656ded2e371d
    • SSDEEP: 1536:Pw8kFf++WXqyuUtSzgH0AIryrsfSv8yfe+gOVrFc9cui0o8CO0O:Pgf+rXUUtSzLVpyfe+ggFc9cui0osT

    Score: 1/10

    • Target: PID Key Checker/PID Key Checker.exe
    • Size: 9.7MB
    • MD5: cfae82ef8329044b196c682444c2060e
    • SHA1: e7bdd49030e7a6b8efef1a4201e95f2a385a06f6
    • SHA256: 22fc1ce3806264ff01abc40e818a70bc467027b9dea29422a362d15e48e108bd
    • SHA512: 783ae2588d9a557be59eabe4107e0fdd7c97f3173f3e11bb4ade53c19e16d8497a71599492408849a5eeb7a56278f3d50a3417971c8d1b388fc550731aa30037
    • SSDEEP: 98304:z2xA9DMbJcioxcKK2SewFiYCJc7vfmIAh19DMbJcioxcKK2SewFiYCJc7vfmIqNn:ytAAqMsiD6Gu

    Score: 7/10

    Signatures:
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Legitimate hosting services abused for malware hosting/C2

    • Target: PID Key Checker/pidgenx.dll
    • Size: 914KB
    • MD5: ffb5324cc79cbb606111af59a0d68a15
    • SHA1: 46d7498c8a280788fdc6cb8825983f9097706c9b
    • SHA256: 57676bb6edeb34a66e24a3d4a7c56a16ddc92522a24097c6e94d7f702923c3ff
    • SHA512: 6dd7853f974178dec92c295882d3b9a0f357d54dba3186826282edb3c1af4a25db9c10944b73bf2194cce830bec4068950aafb7d08d54072a5f44d889bffccaf
    • SSDEEP: 24576:gxqa6ZSrEbXZsJPs7QmZgHwhqB4Fxc89Jd:pZSriXSJPs7dyfUcY

    Score: 3/10

    • Target: PID Key Checker/wyUpdate.exe
    • Size: 434KB
    • MD5: 37c753d5ab2dba14e7b7e1dc56b87c27
    • SHA1: d6dfd70d391c4814ce8c4f2e8bf0c41e7deed1ee
    • SHA256: aa71c676499260ed07b6b0e54aff155ad8e46b49aee933e90b5ff4dd098aadb6
    • SHA512: 0c96bfad6192c6a6d652ff7d4bd93bb13d7fd27e6ccc9a6200c235c833e5340d8e6d8f10937396a9c39b06dbb41a27348d031d55e3b8baa50cdcacaaffff41db
    • SSDEEP: 6144:YFnJRm+efxgsQWc2m8snsIa9rRLKX5Z1BfZ9e58UoEFXtf79VMUHZZgBRflKXB:YFnXmrsWcRIKf1sNo+gUHZmVsR

    Score: 6/10

    Signatures:
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks