Overview
Task scores (out of 10):
overview: 10
static: 3
em_FReBA03...ck.exe, windows7-x64: 1
em_FReBA03...ck.exe, windows10-1703-x64: 10
em_FReBA03...ck.exe, windows10-2004-x64: 10
em_FReBA03...ck.exe, windows11-21h2-x64: 5
em_FReBA03...64.msi, windows7-x64: 6
em_FReBA03...64.msi, windows10-1703-x64: 6
em_FReBA03...64.msi, windows10-2004-x64: 6
em_FReBA03...64.msi, windows11-21h2-x64: 6
em_FReBA03...iz.exe, windows7-x64: 3
em_FReBA03...iz.exe, windows10-1703-x64: 3
em_FReBA03...iz.exe, windows10-2004-x64: 3
em_FReBA03...iz.exe, windows11-21h2-x64: 3
General
Target
em_FReBA03x_installer_Win7-Win11_x86_x64.zip
Size
115.9MB
Sample
240820-xs1lhsycmc
MD5
4953704993d4f2956c127e093097e3d1
SHA1
dbc7bf6c25b9412fb6ba36d1bdfdef9f3ab6a3f7
SHA256
eeee232ef628352d43833b909892d2ed0807a43850baaf8d828b769c7840eb92
SHA512
4a16cfbbe3d20ec801123be02244e86f4f744c47a3cde6edb9669b4c0b09c92e3a4fd10e818f70f8be224c32cd2436f4524a4567ee954578379422168c1051e1
SSDEEP
3145728:krypL8Q1Fx1U8abewCqHpbsnkKGVYe79jH:krk8QrUDlHpKGVYeV
Static task
static1
Behavioral task
behavioral1
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/Crack.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/Crack.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/Crack.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/Crack.exe
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/em_FReBA03x_installer_Win7-Win11_x86_x64.msi
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/em_FReBA03x_installer_Win7-Win11_x86_x64.msi
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/em_FReBA03x_installer_Win7-Win11_x86_x64.msi
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/em_FReBA03x_installer_Win7-Win11_x86_x64.msi
Resource
win11-20240802-en
Behavioral task
behavioral9
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/updater/NvStWiz.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/updater/NvStWiz.exe
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/updater/NvStWiz.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
em_FReBA03x_installer_Win7-Win11_x86_x64/updater/NvStWiz.exe
Resource
win11-20240802-en
Malware Config
Extracted
lumma
Targets
Target
em_FReBA03x_installer_Win7-Win11_x86_x64/Crack.exe
Size
25.6MB
MD5
ef9323bf9b60b2fa7436bd1923d222bb
SHA1
d633535341399ae503de6e19e18c0a13840c9483
SHA256
c239349587f9cd75f79c2490c851a64883c55f608195b2572e5c1fa73d1432ac
SHA512
547bd693a7d72a5c7b194d21a9a1954f139d2890bc29c36ef9fcc3a7a4b15221b021521b5fe08c35b58f9b8f7bfb73d42d73bfbb09ea50f9a339f43ffb10c55c
SSDEEP
98304:2Dv/WQ6G2lRP7lO0wrUO00iAZ6sammO51fJBEd4reXzOKMXnsZF3g:mlARP7lp2UO+457Cd+eXSzns4
Suspicious use of SetThreadContext
Target
em_FReBA03x_installer_Win7-Win11_x86_x64/em_FReBA03x_installer_Win7-Win11_x86_x64.msi
Size
93.9MB
MD5
a2b4081e6ac9d7ff9e892494c58d6be1
SHA1
8b1858f5b6f9de98da0da23835ffb7197341b401
SHA256
d2479f32549799d766941ca412912a3c58b06fc1bcef55eb4db4c0d90bdd7dfb
SHA512
8a9ec3b404c7a0df38d08e96c8484d18b9d78a53ecd6de0f2632a84767df7b2f7fb387fa5295cb9f1cf3f6af55b2150c5d7dff7593385fe44afc8ecfce011d74
SSDEEP
1572864:OC2l1WbND0AFuMNQQyf7CfhU+43Seba3aQ6BZmOEbQSRsvuv+Tg9yS3i0PWmZyGT:qPoDn9NJ143Xba3Z6zN3c9X3ZzkL2kq1
Score
6/10
Adds Run key to start application
Blocklisted process makes network request
Checks for any installed AV software in registry
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Target
em_FReBA03x_installer_Win7-Win11_x86_x64/updater/NvStWiz.prx
Size
432KB
MD5
9e82e3b658393bed3f7e4f090df1fbe7
SHA1
bfff954b8ef192c01af9fb5d9141a21279cb9c31
SHA256
c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762
SHA512
de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b
SSDEEP
6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
Score
3/10
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
  Installer Packages (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
  Installer Packages (1)