General
Target: d3d1ce595f1eacd25441e99add7e13df_JaffaCakes118
Size: 514KB
Sample: 240908-h3bb2svfqe
MD5: d3d1ce595f1eacd25441e99add7e13df
SHA1: 90cb1fe599fd4b23c0a49a621d8e0d4a0096c0cc
SHA256: 04c4273a676b0f8b6f556f4dd174545c68543efc6b642191d0a9fd7a763552b0
SHA512: 7a22d1e3df68582e90d8354b7a98eca24ace2063769cd6e0b54847ea109416e4b911cf5cfd3e2e675644a65ae29a28163510644d71936a4428cddb914101c630
SSDEEP: 12288:dKrm+GCRQuXpTMhzXjv3PYWnuRBHUPFRcKrm+GD9TXpT77KEuRB6qZ:dKrmBoXXp0zXDfTkBfKrmBDBXpH+JBLZ
Behavioral tasks
behavioral1 | Sample: Luring Guide/How to Talk.exe | Resource: win7-20240903-en
behavioral2 | Sample: Luring Guide/How to Talk.exe | Resource: win10v2004-20240802-en
behavioral3 | Sample: Luring Guide/How to Talk.lnk | Resource: win7-20240903-en
behavioral4 | Sample: Luring Guide/How to Talk.lnk | Resource: win10v2004-20240802-en
behavioral5 | Sample: Luring Guide/The Guide.exe | Resource: win7-20240903-en
behavioral6 | Sample: Luring Guide/The Guide.exe | Resource: win10v2004-20240802-en
behavioral7 | Sample: Luring Guide/The Guide.lnk | Resource: win7-20240903-en
behavioral8 | Sample: Luring Guide/The Guide.lnk | Resource: win10v2004-20240802-en
Malware Config
Targets

Target: Luring Guide/How to Talk.exe
Size: 659KB
MD5: 3381ffcf9e5796866d4796dadd6edc1b
SHA1: fc8d536d5b721ce71586200cc919430564bbb587
SHA256: 143a6b9b16db9eaa0228465d6f2429f9843af8a4fa5f68bd94bfcdc12106783a
SHA512: 1193344898a5e457f05d38fd0c9b7894da085805372261fd1cac48c0d092834d9aa633e6d71789b6f1b0d5dbdf33336e10a9c45c0319299dc43958ae0d12591f
SSDEEP: 12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK0:3AQ6Zx9cxTmOrucTIEFSpOGV
Score: 10/10
Modifies WinLogon for persistence
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Adds Run key to start application
Suspicious use of SetThreadContext

Target: Luring Guide/How to Talk.lnk
Size: 728B
MD5: f0a43473534e505d3d65e38af3319193
SHA1: 2833e1388335f287c0774d277c5f1da71191073e
SHA256: 24d3f0d03b5ce33dbe90db68026d3c971f4e1f13d6b8624f13500642ac3156e1
SHA512: b86dbe24bf0a4e73c612daff6c6755102b0d045876fcd7ecd7e3c34472f6e5208096cb8f7463dc4e46e9d85e7cba6993e7526b63ce4b579d9d6ee186a6004857
Score: 10/10
Modifies WinLogon for persistence
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext

Target: Luring Guide/The Guide.exe
Size: 659KB
MD5: 3381ffcf9e5796866d4796dadd6edc1b
SHA1: fc8d536d5b721ce71586200cc919430564bbb587
SHA256: 143a6b9b16db9eaa0228465d6f2429f9843af8a4fa5f68bd94bfcdc12106783a
SHA512: 1193344898a5e457f05d38fd0c9b7894da085805372261fd1cac48c0d092834d9aa633e6d71789b6f1b0d5dbdf33336e10a9c45c0319299dc43958ae0d12591f
SSDEEP: 12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK0:3AQ6Zx9cxTmOrucTIEFSpOGV
Score: 10/10
Modifies WinLogon for persistence
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Adds Run key to start application
Suspicious use of SetThreadContext

Target: Luring Guide/The Guide.lnk
Size: 718B
MD5: c5d61523c7af8f94f0e9b9ff675f1e01
SHA1: 5c7b46700540de235d212a51888d010216b866d7
SHA256: 36cde904acddb204272640ec153e8e8e0c02a9e44827f7486583d2e2d99d0f2c
SHA512: 08c78e6eaa2a710d74f1e5b12c852cca3f5af0accb484c22ab968a3414ebc022e12290f2b66996b28ea1a4121f14dd942acf3d9cad9cf572e4c658de033d09d8
Score: 10/10
Modifies WinLogon for persistence
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)