General
Target: dfb377804b79284698a0246e1ddfc8a2_JaffaCakes118
Size: 681KB
Sample: 240914-hrm7gascjh
MD5: dfb377804b79284698a0246e1ddfc8a2
SHA1: e8d78fe65fede922245b13dff80192b1bf94d5cd
SHA256: 962cf5558dbab7dde0fa0341f069304ed235e4da6dcec72596184597a4ecbdfe
SHA512: 042c7162ae60301617436ce89798b10e39f85ed7509526b35107a234f0f8ee425ee8ecf8485896721d53802380a46dbcf949f8a65393187ee94ba75577c05c7f
SSDEEP: 12288:zNXLSamXmTSKuGVBN2QJGYOTDqLuj+TT4qN2dkwpPNXkOojJ3p5Tx6GdJwzdxT14:NSN2TSKu+WQJGxTDgujwp/+1UOoFTNmW
Behavioral tasks
behavioral1: Sample NFOReader.exe, Resource win7-20240903-en
behavioral2: Sample NFOReader.exe, Resource win10v2004-20240802-en
behavioral3: Sample USBSafelyRemove.exe, Resource win7-20240903-en
behavioral4: Sample USBSafelyRemove.exe, Resource win10v2004-20240802-en
behavioral5: Sample aspr_api.dll, Resource win7-20240903-en
behavioral6: Sample aspr_api.dll, Resource win10v2004-20240802-en
Malware Config
Targets
Target: NFOReader.exe
Size: 32KB
MD5: 271fc11622cbbb3abfdc174e38b9b390
SHA1: 75544ead695e24942a4fc79706b3af261b47f01e
SHA256: b9b1385632fb1e70f8b8ea719478bfa6ef7de50205c8f1b0bf1fef4e7a4dceca
SHA512: fce6a8dd2ec796a422f510c42c9bfa9b2bc3edf54730f63b63bfa54c568f9880e02e84628664eb618590688531307cb3f74924334f98e2a7ac5a38e3b12c7fec
SSDEEP: 768:/bIhENzXmRJ3tJ4B1KbcdLqKy51nySafQ8b4Y+rOFv7RXrFt:/bIhkzGZte16cdRyvySafQj6FtFt
Target: USBSafelyRemove.exe
Size: 684KB
MD5: 0eeced8dcb881cb6cf0175b4721dcdf0
SHA1: a3087cc0cfbca651e588d67bd014013a44f1167e
SHA256: 96eca2d9c3ca5a65662bb5a1b49288b9ee60d98320ee9cd7ef3150f2ba78eb12
SHA512: 513e2a423dcc877a9e29ec081c12e3afb1da18d269dc4c7f19e4086f57ed07c1b2854e2cc3a8a773dac7ff96aee9613c56f9b1278221d8ff244c8ce2f26da857
SSDEEP: 12288:5SaoXeTSAuGVBx2QHGYkTDqvuj+7T4qN2fkkJPNXkJMa+Op5Tx6IHTf9wpCF5:5S9OTSAu+2QHGlTDSujep7o1USsTT9
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application (the Registry Run Keys / Startup Folder persistence technique listed under MITRE ATT&CK below).
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Target: aspr_api.dll
Size: 14KB
MD5: 9e41832937b27950202d99cbc07cff32
SHA1: a95248cb2888f312a9d4d29167a2e6c054460ea1
SHA256: 243bb41631c367f9eece457b079869ddc2e8eb7ebec8b49adccbec20ff1623fa
SHA512: d1b80330e538be6cb1e1d5b72bdcaaf49c78894802a205bc564826c15b846c1f35a9fc0ada21d12b6815a406ad6963c913a26fffe99214b0045923ba84476d42
SSDEEP: 384:b7z29vq9Khu9IfBA21vpoEAxTr6+e9Pfqbn1:bP29vc7I5NvSxqha5
Score: 3/10
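The hashes above are the report's pivot points: if you find a file on a host and want to know whether it is the submitted container or one of the three extracted targets, recompute all four digests and compare them against the listed values. The following script is an added example, not code from the report, from tria.ge or from the sample; the IOC table is copied from the report above, and the `identify` and `partial_matches` function names are this example's own. It treats a match as real only when every digest listed for a target agrees, and it flags a file that matches on MD5 or SHA-1 but not on SHA-256/SHA-512, since that points at a transcription error in the IOC list or a collision rather than the reported sample.

```python
#!/usr/bin/env python3
"""Hash pivot against the targets listed in this tria.ge report (added example)."""
import hashlib
import sys
from typing import Dict, List, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report: the submitted container and its three targets.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "dfb377804b79284698a0246e1ddfc8a2_JaffaCakes118": {
        "md5": "dfb377804b79284698a0246e1ddfc8a2",
        "sha1": "e8d78fe65fede922245b13dff80192b1bf94d5cd",
        "sha256": "962cf5558dbab7dde0fa0341f069304ed235e4da6dcec72596184597a4ecbdfe",
        "sha512": "042c7162ae60301617436ce89798b10e39f85ed7509526b35107a234f0f8ee425ee8ecf8485896721d53802380a46dbcf949f8a65393187ee94ba75577c05c7f",
    },
    "NFOReader.exe": {
        "md5": "271fc11622cbbb3abfdc174e38b9b390",
        "sha1": "75544ead695e24942a4fc79706b3af261b47f01e",
        "sha256": "b9b1385632fb1e70f8b8ea719478bfa6ef7de50205c8f1b0bf1fef4e7a4dceca",
        "sha512": "fce6a8dd2ec796a422f510c42c9bfa9b2bc3edf54730f63b63bfa54c568f9880e02e84628664eb618590688531307cb3f74924334f98e2a7ac5a38e3b12c7fec",
    },
    "USBSafelyRemove.exe": {
        "md5": "0eeced8dcb881cb6cf0175b4721dcdf0",
        "sha1": "a3087cc0cfbca651e588d67bd014013a44f1167e",
        "sha256": "96eca2d9c3ca5a65662bb5a1b49288b9ee60d98320ee9cd7ef3150f2ba78eb12",
        "sha512": "513e2a423dcc877a9e29ec081c12e3afb1da18d269dc4c7f19e4086f57ed07c1b2854e2cc3a8a773dac7ff96aee9613c56f9b1278221d8ff244c8ce2f26da857",
    },
    "aspr_api.dll": {
        "md5": "9e41832937b27950202d99cbc07cff32",
        "sha1": "a95248cb2888f312a9d4d29167a2e6c054460ea1",
        "sha256": "243bb41631c367f9eece457b079869ddc2e8eb7ebec8b49adccbec20ff1623fa",
        "sha512": "d1b80330e538be6cb1e1d5b72bdcaaf49c78894802a205bc564826c15b846c1f35a9fc0ada21d12b6815a406ad6963c913a26fffe99214b0045923ba84476d42",
    },
}


def digests(data: bytes) -> Dict[str, str]:
    """Lower-case hex digests of an in-memory blob for all four algorithms."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digests() but streams the file so large samples are not read whole."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def identify(observed: Dict[str, str],
             iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> Optional[str]:
    """Name of the target whose every listed digest equals the observed one, else None."""
    for name, expected in iocs.items():
        if all(observed.get(alg) == val.lower() for alg, val in expected.items()):
            return name
    return None


def partial_matches(observed: Dict[str, str],
                    iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[str]:
    """'target:alg' pairs that agree on some, but not all, of a target's listed digests.

    Agreement on MD5 or SHA-1 without agreement on SHA-256/SHA-512 is not the
    reported file: either the IOC list was mis-copied or you are looking at a
    collision. Both deserve a manual look rather than a silent "no match".
    """
    out: List[str] = []
    for name, expected in iocs.items():
        hits = [alg for alg, val in expected.items() if observed.get(alg) == val.lower()]
        if hits and len(hits) < len(expected):
            out.extend(f"{name}:{alg}" for alg in hits)
    return out


def main(argv: List[str]) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>", file=sys.stderr)
        return 2
    observed = digest_file(argv[1])
    name = identify(observed)
    if name is not None:
        print(f"{argv[1]}: matches report target {name}")
        return 0
    partial = partial_matches(observed)
    if partial:
        print(f"{argv[1]}: PARTIAL match only, check IOC transcription: {', '.join(partial)}")
    else:
        print(f"{argv[1]}: no match against report targets (sha256={observed['sha256']})")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 hashpivot.py <file>`; exit status 0 means a full match, 1 no match or partial match, 2 usage error, so it can sit in a triage loop over a quarantine directory. The SSDEEP values in the report are deliberately left out: fuzzy hashing needs the `ssdeep` library and a similarity threshold, and a fuzzy hit is a lead, not an identification.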
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1