General

  • Target

    SchooisMultitool_v2.2.zip

  • Size

    234KB

  • Sample

    240908-n7f1zsvdmq

  • MD5

    9424b2cacd9f0fb76a0fe4f202e4d614

  • SHA1

    77bca369a07a8cc4815d0897d897bed758453bff

  • SHA256

    9235d2676794ff9cc054258ec08e894647ed0112a94f078c9b901d8f1aa049ce

  • SHA512

    9ba6531994986a636e7e7143c929248149ebddc580cd42ae9f6b21512d22d3d3a7c745248af3e55877ab0983575f51786927399092093aad26f6ffb927ac0f13

  • SSDEEP

    6144:c6z9pUmgmH9ozNAYmNGqgYSY1zSRFV1MuH1Y+sC0j:cK9pvgQlYmNYYXzSRFV1MuVzsb

Malware Config

Extracted
  Language: ps1 (Deobfuscated)
  URLs: ps1.dropper  https://raw.githubusercontent.com/SchooiCodes/file_hosting/main/7z.ps1

Extracted
  Language: ps1 (Source)
  URLs: ps1.dropper  https://chocolatey.org/install.ps1

Extracted
  Language: ps1 (Deobfuscated)
  URLs: exe.dropper  https://go.microsoft.com/fwlink/?linkid=839516

Extracted
  Language: ps1 (Source)
  URLs: ps1.dropper  https://community.chocolatey.org/install.ps1

Targets

    • Target

      Files/Apps/7z.bat

    • Size

      839B

    • MD5

      baf3616b558a8160895bb9c31461d927

    • SHA1

      af5f159645fec5df4aafc1a750c3384fe3763dbb

    • SHA256

      bee39c3a45d5b37932654aaf12345292b570f292b6385e29eaa3f8dc9985cd1c

    • SHA512

      10e754aabc91ed4cb007ddbeac840289b8d5db728e4f0ebe59cee7dedf546f073d8a9148fdd7c216d266977dade9dcda2ee75ce174c8c1dc2fd888ebe9597db0

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Files/Apps/SuperF4.bat

    • Size

      534B

    • MD5

      561400dc8a63d4b4cc87cabac9e8422a

    • SHA1

      69502ed43cf6e495c060fac70a5ef37f4f15ca53

    • SHA256

      767bccd41110d92c69bba5aaceea296f7e0b61fd1f9e09a3fa1ed08e8a8b8282

    • SHA512

      8c3efaedb0c9d7bc9de04dbe0d9c2b7a33b2b40a2f0836e719aabdf6197d2c4cdeece3b5eb0276f3484236dc99b797d63324ababa5dd1d4220af693910f12046

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Target

      Files/Apps/bts.bat

    • Size

      227B

    • MD5

      0cfdb01d34041f9e16ddd9f17e3f4789

    • SHA1

      393afcbc7fb973b5c2893b8085092f0c2c45311e

    • SHA256

      528ed4942a647ee78a31aaa788ef27b7fe747fcf9fc0e97192ad9a0aaf97c0c2

    • SHA512

      19e96f69fe9b335941b2ae107ca5eeb366825a399428df4af86faabc9f858e09b5bdb4080cff0db89c3a49dd26b77aa25b0e857572a4c39afddc112b113adcd0

    Score
    3/10
    • Target

      Files/Apps/chrome.bat

    • Size

      545B

    • MD5

      764f5846cdf195f465ca8c4e9fdd0875

    • SHA1

      6344062077c919850aec7f86e0350cb2b663dd18

    • SHA256

      fca1ea11d5fdb18df21be4b007ce750e271f442845d9dfe772b01837b218f289

    • SHA512

      0925c46fe7ae006b84cefc102cbd424abe0cd609d04673f68ef469397073ddda8a1eaaf79b3646487874eb5122f9496fe03588917f144429e8dabdce55215c8d

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Target

      Files/Apps/ctt.bat

    • Size

      200B

    • MD5

      1fb0778bf377299cf424b77cca45371b

    • SHA1

      21685d0e425d04192f122c94ccd209bfeab45e43

    • SHA256

      2a50f18aaa195155987ef3eb808c9b70e88c515ac49314ac22eceecbb790d86f

    • SHA512

      bfb48f3502bf32f5c21c0830df7de33c2772618fd0953ecede9106c921ce8df0acb62182b4a64dc961f2e07e940e39e189180b3c979e9f818c7a8d3acd4a87bb

    Score
    3/10
    • Target

      Files/Apps/fastfetch.bat

    • Size

      300B

    • MD5

      c6217cbda600f1e677678d6aa64d30d4

    • SHA1

      dda86d62ec1c6dea38d967d72e2cf2557d8707f5

    • SHA256

      c0fdcdf351b3e1660254b073f448c21c9ab9b36da4d480cfef7e05c4ed589619

    • SHA512

      470b2322425caeb48de5066c51221f3ec87c6b6e84dcfc3de705496d9e426c37add0cd2d54ba02006259035b37273f518d9cd512c14e875eee8a2627d4c346f8

    Score
    6/10
    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Target

      Files/Apps/firefox.bat

    • Size

      1KB

    • MD5

      a5156c813e4a7c45fc2f26a66b2cf813

    • SHA1

      4bb3f9d20be7bb87dc00aa652e84c9d56c196b4c

    • SHA256

      a15290fb079d46fbb859d1260de44df5d71a4072379a7eb2634a5c317684b7ac

    • SHA512

      ac0f5565ebfb93084ca58fdceeaabbfcff29f90f088a2286c5c48eaba7717e00662ac23442e9502ed3a0256a4385d81d7d0edfcafa6948176b2c3e538196223c

    Score
    1/10
    • Target

      Files/Apps/flux.bat

    • Size

      290B

    • MD5

      629667380059fb33d4933a722c139be3

    • SHA1

      a52944fdceef5368eaf140558066df825b35ea28

    • SHA256

      86d43de03fd141ad2180804577f817534f27cced767a8451b4804f47cc6037ee

    • SHA512

      ad474e7582751447067b002f2af3ab473d40087a3ce850551dbf2636887c3279aa58b57b930892585419e0df10e31deb42503bc787cb394df9dcea4ce1abed92

    Score
    3/10
    • Target

      Files/Apps/geek.bat

    • Size

      1KB

    • MD5

      7ab38d80aa19a44d6a1c792400a44d15

    • SHA1

      9cb921a2a61a9e1e42ef93c2a4d6f505c244a03e

    • SHA256

      1c36c6df5dcc675f2f27b95503aadb92b6657f6c130be829605e55ca9b7dafda

    • SHA512

      d7740258e28a3e468c33bfb0b47373a364c4fbff432dfe01322bd5b928c45a19fa2e50388aaa8e55d0b72b14b71ff783e9e3348ffdcc084c854b9d0288d694da

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Target

      Files/Apps/git.bat

    • Size

      597B

    • MD5

      43d5796a824ec36fce4aa2e358d33175

    • SHA1

      3b1578ace3db4dfdfd2cc8ba208c6a6cda0dbe5c

    • SHA256

      7940a2e053dfe8ff1afe7ce49f806b821d7063cbae8c6e3f467dc1b8603d3759

    • SHA512

      38829c87431fa81cfa0b6cb411f8bdfc8d03841fe539713ad0ae27991a9bf669d32f9f3c0416d9439a53075a9cd481100e3795cac0180ec0ce6e66990064bf54

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Target

      Files/Apps/logo.bat

    • Size

      2KB

    • MD5

      42127e263ca943e0979f8ef85faa395f

    • SHA1

      157ac10d97a73f63988dfcb52b90c09863bdea7f

    • SHA256

      8af758c87e62e072dac84d818f963b084d5f8a6293f37d6fda88ca0327ddd283

    • SHA512

      8c7276bfdf1f2158586a2ee3a179098cfd9c50e3fead3e80369a74e00c7953b0f29dc7ca1cd9d71614e11736170c1ffdf3b1a809a78b3144927efaebf786808d

    Score
    3/10
    • Target

      Files/Apps/pcm.bat

    • Size

      474B

    • MD5

      bd94097bc383679f0b5e46c9e1a599ac

    • SHA1

      d362cf3a09e38cdb2f542ae5e3093475dae49b76

    • SHA256

      2dc448b242e53ae269bc700c03276ef2e523b01a0b91b6690ed3074b8133e376

    • SHA512

      95aa276c74491a00334ed5a33c808f19c200883a9f4caac559728a86334bc01865eacde01a302d587dfc20096c3667f9ccd00c618fbb2e04380460ca985cd3c0

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Target

      Files/Apps/ps7.bat

    • Size

      1KB

    • MD5

      836e111b6dfc84c70ef6fe21b9ebccc0

    • SHA1

      0c7b272f348cdb6358d29cbeba9a851dfa525c18

    • SHA256

      3195d2cf69059001b92914d3c0495fbdce875cdc8c5b4c9357206fb8c658b53c

    • SHA512

      53c82a6d8725b92dc411dd4bc8d4001a70acf088538af84c686dbbda0f40159fbb8cb8122bd906537e542e12b8b7b649c686dcaf5b25425ca123c97048ca2cee

    Score
    10/10
    • Blocklisted process makes network request

    • Download via BitsAdmin

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Target

      Files/Apps/pswin7.bat

    • Size

      840B

    • MD5

      3768f6911878047cf06c7fdf0b5e08b7

    • SHA1

      39f52e4858f12c42a54fde38f7ba6386148bf081

    • SHA256

      fcb69e2e4d36737a17381f1a522962a77471f0cb1bb196a3aeac5d967eb81dfc

    • SHA512

      2e19e1e4c8f85f254c2f56e6272c24a1479a7c6b68c0df82ce33da4d5a028a8fb9cec0b10231529f16b077bfa607a760ea86844db8c94fe0471905db953112aa

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Target

      Files/Apps/winget.bat

    • Size

      213B

    • MD5

      5b9a5da7b871353090b62739e4c899fe

    • SHA1

      ae6d5bc03b0859d0f242f0925587446673bbac5f

    • SHA256

      5acfc06a96565e3d5a9ed53dac1fb5824d4777cb133e933bbad8afd5330dad26

    • SHA512

      5dc3ff9d6d61f85dec70b965f78059b74ce54968ac7cb00702408e907542dd3bdf657f49f8f796cb1053b8d8def3ed516dda4ea4691f3b62e3474bd46df855a0

    Score
    3/10
    • Target

      Files/Apps/wintoys.bat

    • Size

      390B

    • MD5

      d5016ae4c15bb205d355421b8fd075ba

    • SHA1

      2c6d9166db06f42fb23d4e0a47963db59c261a52

    • SHA256

      40278511ca853a1c24e9115cfdfd0f1a8d057f78350614887fab1cb2b42a02b0

    • SHA512

      6e23ad627de549bc000ede135bd53895037593db5d0850fbee1d8e78b8eff9ad23330ad96a19b415ce84fd27d598d5f578d0bc3efb36baaf3700c8c763602869

    Score
    3/10
    • Target

      Files/BackupRegistry.bat

    • Size

      777B

    • MD5

      4017211c6557001aaf377c59ecee083d

    • SHA1

      136dd376f582cd0191d87580819881c6a636c271

    • SHA256

      1da84dbf28ed8a7db5f8bb12f3a3541fe3fae630c7caefa113210d5f273ddf9e

    • SHA512

      0a76f2e9f8eefd416174cda713c30e1ab62a60783f2df4aeb402a48a80f3051c0fcb6061f8e12501f796a3e12f80df54d1db5f7b467f07849682e7fa1319b262

    Score
    1/10
    • Target

      Files/CommandLineGame.bat

    • Size

      699B

    • MD5

      0861e44ff6053f1fdab9b1ee87f08adc

    • SHA1

      4d53ada9eba854ce09e68872baa8fd378647b634

    • SHA256

      f24bf29f3c41ed17ba3177794558223c03897659c699ce427f4916a23bdf9f30

    • SHA512

      b0e593aebf2e76581b2346deaccb0a2bb1361e4b978ac243876b9a846f4cdec9a0bfe2f58670b4adcad69d63e63708e89854aab4b4753cafd1d5ccbc9d21fac7

    Score
    1/10
    • Target

      Files/Components/Import Backups.bat

    • Size

      616B

    • MD5

      44c6d8b490d9c29e521b024375629476

    • SHA1

      fa1a20b56f9139d46b3fea176620c494d54ce721

    • SHA256

      5d3aa94c00cc35e2517a478777cefcec82c55a9039afdc388c8832d9a0cd189d

    • SHA512

      b071df4478f3071ce8ac68199dfe8030ae4401cfac713d9d93fb67f4ba9ed1dae92adb5be1163685a43555e5ef3e5d8d72b2fe6c3917e4ac2aa8a7ddfc8d938d

    Score
    1/10
    • Target

      Files/Components/Registry Backup.bat

    • Size

      729B

    • MD5

      61cf455c174e64c84c526c57d80fc26a

    • SHA1

      35add3e0f35636c84fcc48f9fa8fae94ff461465

    • SHA256

      5e1f365f82618f8efd83fbc91935fd01aea55fe92c374689b9b2641a7163c287

    • SHA512

      5f45a7d0569fc479fcd037dfb4661d069f8b4185d42797622b480d619163d30f07e672ab098219a64ad974a4ea39fbd3d14956e944b4c180467cb6dc0b6f1c2a

    Score
    1/10
    • Target

      Files/GPEE.bat

    • Size

      801B

    • MD5

      462499abd2275776b3e6c6beeb86b0c9

    • SHA1

      ba3e380c5d1d24f7c1eacdb1c4a82d1a14f2dbae

    • SHA256

      50082e6e1f85c84a4ae2e34502f3103d82510223f90599d329c90835fda99439

    • SHA512

      586b34eb38d380a1c03a01bd8c477eaddaf99a9a22cc9b0a3b57965ee5b203d46497d510292e401da909fc0a3811a1f7fccc69a387936d4a9b5fd3c2f9d2120b

    Score
    1/10
    • Target

      Files/IPGeolocator.exe

    • Size

      10KB

    • MD5

      04c3d654166ae0f29d5e11ac3d53f117

    • SHA1

      dfba6ffb5891b6074fbd2073f389dbf30a00ce00

    • SHA256

      9e3695b3062bdc56a4d95ed022826aa3489141227a036700e7e98777371f3181

    • SHA512

      173790cc03a50748929d337d5ef3dc7a115b7888ce2d366034159fb6b3315d67bfab6e6942264bc41ba98dd0f4b571552891362baa453ee260ef4e07a5d70570

    • SSDEEP

      96:wpsQc0uvL0Pk+c22MU5mWNBEsFWg3/V+N+QcG+/emr3XEhvtL/ejgVZiZcPHV9jd:jUk57MdWjqYG+Wmr3OlKEVZL3

    Score
    3/10
    • Target

      Files/IPStealer.bat

    • Size

      458B

    • MD5

      092dc441f3b3fde90f7ea6867a37c188

    • SHA1

      83661112a066b04ae8499c1aef72f361a885becc

    • SHA256

      8ca505c91cd3bff8e240a89b2844b03b7b2e90f94a6f8318826dbf0ea3ac3f63

    • SHA512

      7270d327bb3364786cb5d74da987b9d43d95bbe01448f7547b73e2ec1cf48a2d25fb307706109ace17c91835595d711ad6f0a4ca03130cc5153e75e24cfe6f32

    Score
    1/10
    • Target

      Files/ImportBackups.bat

    • Size

      616B

    • MD5

      44c6d8b490d9c29e521b024375629476

    • SHA1

      fa1a20b56f9139d46b3fea176620c494d54ce721

    • SHA256

      5d3aa94c00cc35e2517a478777cefcec82c55a9039afdc388c8832d9a0cd189d

    • SHA512

      b071df4478f3071ce8ac68199dfe8030ae4401cfac713d9d93fb67f4ba9ed1dae92adb5be1163685a43555e5ef3e5d8d72b2fe6c3917e4ac2aa8a7ddfc8d938d

    Score
    1/10
    • Target

      Files/InfoFinder.bat

    • Size

      1KB

    • MD5

      a00d0a78ea0ce615829c0308a44c010a

    • SHA1

      9892bb77869aacdab7bbbdb6c7d910b310228872

    • SHA256

      3542c65e592024bccd7cd196bf4ba7127aff636a15c530911e7af2d0712ea4ba

    • SHA512

      39a7bb4adc0f3ad4321ded6c2b8c9f073d298e78a6a528a84936898c2694a21eb5f96c00cab88941647f70c7d855cd25fabc6b0f012756f9d87a797d98613d11

    Score
    1/10
    • Target

      Files/Malwarebytes-Premium-Reset.bat

    • Size

      1KB

    • MD5

      a5f28326d7555d81f8c22e5b46693571

    • SHA1

      c235bc7b6202c6e5c112a635365dc92bc3bf4d9a

    • SHA256

      6c0430a7504cb0aaa7328a1ce8100c3f890b158924d7f5905688930632715b60

    • SHA512

      028f737501eecffa6f6656bdc4943a71867cbeff9d7bc7e66fc046e584e8129aa0025fb9f73a449c12b4e215746a0698a315330bc5247473cf585cc49d36c317

    Score
    1/10
    • Target

      Files/Newtonsoft.Json.dll

    • Size

      514KB

    • MD5

      c53737821b861d454d5248034c3c097c

    • SHA1

      6b0da75617a2269493dc1a685d7a0b07f2e48c75

    • SHA256

      575e30f98e4ea42c9e516edc8bbb29ad8b50b173a3e6b36b5ba39e133cce9406

    • SHA512

      289543f5eea472e9027030e24011bea1e49e91059241fe6eb732e78f51822313e47d1e4769fa1c9c7d6139f6a97dcfef2946836b3383e8643988bf8908162fb9

    • SSDEEP

      6144:ZeC37wbJmJ5bd4m15M+S50cK7q2UGu7WEYEaWdDBLH5WHxJ16Wi/h4aBTBFFu4JD:p37Ogr2VAHx7JijBZdPfP

    Score
    1/10
    • Target

      Files/PasswordGenerator.bat

    • Size

      1KB

    • MD5

      429a368979fe64bc74a57ec0645db610

    • SHA1

      4df46e4adba31ab3b179414cb6b50443e5a4cc3f

    • SHA256

      d6963f1894f13b232f94944f56c4032dbbc8586bd0b6fb6a9d4b6ca401f8379a

    • SHA512

      7b17ead6a1995794a14e913ca963ee3d9193db7396067cd24a6ef9de23e4851f3de881d353ee92bdb5d831bcaca4f636e5774553664d60e5647abc29c8b5c976

    Score
    1/10
    • Target

      Files/RAUP.bat

    • Size

      764B

    • MD5

      993165efd56994356ee3ba7a0c4b8d1c

    • SHA1

      7decbe7dab117eb28070a1bbe44691fa953a4f1a

    • SHA256

      7a0c9f8d9f66a2332dc6f012e75ef83d181cd1ba4214fe498b6a65dbdac557e0

    • SHA512

      b734c58b8a577b33e75f4d5203514b07590a002ed424f8e5f159a5f4820e0e328893e2b049c61ddb1fffd4d30d3d8160a851c8dab32b833250e62756615b05cc

    Score
    1/10
    • Target

      Files/SMBBruteforcer.bat

    • Size

      747B

    • MD5

      5ee669dcde3786a20dcb3c85075bc200

    • SHA1

      110554c9bbd8a996e2cda1815cc53f66f2548372

    • SHA256

      079e7f161d7717bf40f5904ad64806e3ee8708e0e90b03d3acec7299eceb27da

    • SHA512

      71c78206d2261defeb89a8345fe0b82a415f3e0bfc7b9c27da420bad0964e7a97e1575b58ffcfaa188eea1b90dbe53ef7a1b5a21cae326a2825f06d38ded37d0

    Score
    1/10
    • Target

      Files/SSAMBYO.bat

    • Size

      1KB

    • MD5

      cdfd34dae8056336ee01477edb3e3870

    • SHA1

      d241fa7c0769e65bfd50b370e444b895b499595d

    • SHA256

      6cd8db62b821ac9ba208194a5a10da0b28661bdea600c6a7adbb0c1acb744f5e

    • SHA512

      9dc12bcd9cfc5de24c4000f2e3fa9ae77a56b8d8b38fe0ce3e1a499be0e62b3b47f2d972a38e4f915dd7c71281c79799295c747b2f5e47e33a50f4df2b3b364f

    Score
    8/10
    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Target

      Files/Schnuker/Files/Run Me (Instructions).bat

    • Size

      475B

    • MD5

      107cfa2b2187c0cac05e4a52f5c7d870

    • SHA1

      48e726b794e97cb44cac7d0e3b43b4dfb23d5ac5

    • SHA256

      fe480312168a6532d8ec242bc457d43fac893cc9504928e2dd065d5241369b18

    • SHA512

      5365747c78b5c7aa90d381bcb262ceffb08dfd65174f1416329006e054279ca7d464463313a5232e1b71ddc5e946654e4e91a79247ed3ac7a956304994f8043d

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

Task           Tags                 Score
static1                             3/10
behavioral1    execution            10/10
behavioral2    execution            8/10
behavioral3    execution            3/10
behavioral4    execution            8/10
behavioral5    execution            3/10
behavioral6    execution            6/10
behavioral7                         1/10
behavioral8    execution            3/10
behavioral9    execution            10/10
behavioral10   execution            8/10
behavioral11   discovery            3/10
behavioral12   execution            8/10
behavioral13   dropper, execution   10/10
behavioral14   execution            10/10
behavioral15   execution            3/10
behavioral16   execution            3/10
behavioral17                        1/10
behavioral18                        1/10
behavioral19                        1/10
behavioral20                        1/10
behavioral21                        1/10
behavioral22   discovery            3/10
behavioral23                        1/10
behavioral24                        1/10
behavioral25                        1/10
behavioral26                        1/10
behavioral27                        1/10
behavioral28                        1/10
behavioral29                        1/10
behavioral30                        1/10
behavioral31                        8/10
behavioral32                        1/10