Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

NFOReader.exe

windows7-x64

7

NFOReader.exe

windows10-2004-x64

7

USBSafelyRemove.exe

windows7-x64

6

USBSafelyRemove.exe

windows10-2004-x64

7

aspr_api.dll

windows7-x64

3

aspr_api.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dfb377804b79284698a0246e1ddfc8a2_JaffaCakes118

  • Size

    681KB

  • Sample

    240914-hrm7gascjh

  • MD5

    dfb377804b79284698a0246e1ddfc8a2

  • SHA1

    e8d78fe65fede922245b13dff80192b1bf94d5cd

  • SHA256

    962cf5558dbab7dde0fa0341f069304ed235e4da6dcec72596184597a4ecbdfe

  • SHA512

    042c7162ae60301617436ce89798b10e39f85ed7509526b35107a234f0f8ee425ee8ecf8485896721d53802380a46dbcf949f8a65393187ee94ba75577c05c7f

  • SSDEEP

    12288:zNXLSamXmTSKuGVBN2QJGYOTDqLuj+TT4qN2dkwpPNXkOojJ3p5Tx6GdJwzdxT14:NSN2TSKu+WQJGxTDgujwp/+1UOoFTNmW

Score
7/10
aspackv2discoverypersistenceupx

Malware Config

Targets

    • Target

      NFOReader.exe

    • Size

      32KB

    • MD5

      271fc11622cbbb3abfdc174e38b9b390

    • SHA1

      75544ead695e24942a4fc79706b3af261b47f01e

    • SHA256

      b9b1385632fb1e70f8b8ea719478bfa6ef7de50205c8f1b0bf1fef4e7a4dceca

    • SHA512

      fce6a8dd2ec796a422f510c42c9bfa9b2bc3edf54730f63b63bfa54c568f9880e02e84628664eb618590688531307cb3f74924334f98e2a7ac5a38e3b12c7fec

    • SSDEEP

      768:/bIhENzXmRJ3tJ4B1KbcdLqKy51nySafQ8b4Y+rOFv7RXrFt:/bIhkzGZte16cdRyvySafQj6FtFt

    Score
    7/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      USBSafelyRemove.exe

    • Size

      684KB

    • MD5

      0eeced8dcb881cb6cf0175b4721dcdf0

    • SHA1

      a3087cc0cfbca651e588d67bd014013a44f1167e

    • SHA256

      96eca2d9c3ca5a65662bb5a1b49288b9ee60d98320ee9cd7ef3150f2ba78eb12

    • SHA512

      513e2a423dcc877a9e29ec081c12e3afb1da18d269dc4c7f19e4086f57ed07c1b2854e2cc3a8a773dac7ff96aee9613c56f9b1278221d8ff244c8ce2f26da857

    • SSDEEP

      12288:5SaoXeTSAuGVBx2QHGYkTDqvuj+7T4qN2fkkJPNXkJMa+Op5Tx6IHTf9wpCF5:5S9OTSAu+2QHGlTDSujep7o1USsTT9

    Score
    7/10
    discoverypersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

    • Target

      aspr_api.dll

    • Size

      14KB

    • MD5

      9e41832937b27950202d99cbc07cff32

    • SHA1

      a95248cb2888f312a9d4d29167a2e6c054460ea1

    • SHA256

      243bb41631c367f9eece457b079869ddc2e8eb7ebec8b49adccbec20ff1623fa

    • SHA512

      d1b80330e538be6cb1e1d5b72bdcaaf49c78894802a205bc564826c15b846c1f35a9fc0ada21d12b6815a406ad6963c913a26fffe99214b0045923ba84476d42

    • SSDEEP

      384:b7z29vq9Khu9IfBA21vpoEAxTr6+e9Pfqbn1:bP29vc7I5NvSxqha5

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks