General

  • Target

    appFiile_x64x86.zip

  • Size

    7.5MB

  • Sample

    241003-srrj1awakg

  • MD5

    e08cf6d5eee2225e42c23d0fc43f099c

  • SHA1

    fa0ea9929d3b27871a437fbfa1a534094bd09839

  • SHA256

    58b0985b45d713c9a03c2ef9595270129a529d7568918bd86a7f05942941b317

  • SHA512

    42ff2e3642a5336414a1d36fb971c25eae786c44b347b823d272b73b6ec76c0492eac4c3c2b8d7d3dcc45db4cd03a3f9560ae7319ae2f2bade526fac30519ec6

  • SSDEEP

    196608:EVulvUX6PQFrV6xdKwGaq5xKYpBEajLTlPCrpCUUtwT+B7tk0eBU/DX:EzPvKdWLFEajLRagUUtM+VO09rX

Score
10/10

Malware Config

Targets

    • Target

      AppFile.exe

    • Size

      179KB

    • MD5

      7307f847abfcd35990a654365798aa0d

    • SHA1

      db4657fbc9f8a455b1d2859d79a76e55802c490e

    • SHA256

      2459237113947163c34ed3d3abc3dcf5599e68d193ee55e2c3590a30a1b7c8fd

    • SHA512

      c773c8a646d0fa2a0fbe7ed0227fbde4fc8049ebb81d5525f477774117242181b5c7a3de52b9091cd44c7b4f335151488e4287535524e8ef639c2fe6e084d3c0

    • SSDEEP

      3072:HRbKsrzJCso3JOGyQdrQO7TxoX6DCcbo/XopLxXHPQ/UEYJ:xzro3J3dXGKOXopLNvQ/UEYJ

    Score
    10/10
    • Modifies firewall policy service

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Target

      sqlite.dll

    • Size

      5.3MB

    • MD5

      b073f1111619c4a7539a0110d2387ff1

    • SHA1

      50058b937602e4b14c7e36e7e36c498cd45b10f7

    • SHA256

      b105a20ec8cf2aa1868689019cbf76bab597c1ed88082b8481c08090526be633

    • SHA512

      23917a90b58faef995f2f5f73e140b8a540fb58f49c88a42d95b94f603b61e7921c8bb6df6170fadb81d33963632b04644f5d48c941fd69914a54db3e3811d83

    • SSDEEP

      98304:Q12tW5t8QTrNQrDxJSB695pyYbdwYdP+e7WaTnGSAp9sPrP/nHXOk2:e2Ij8QTrNQrDOEDp+Yd7yaTRPj2X

    Score
    10/10
    • Modifies firewall policy service

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
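The behaviour signatures listed for AppFile.exe and sqlite.dll above are names only; the report does not show the events that triggered them. The following is an added example, not tria.ge's own signature code, of detection logic that re-derives the three shared signatures (firewall policy modification, external-IP lookup, file drop under System32) from a constructed sandbox event log. The one-event-per-line format, the set of IP-lookup hosts, the FirewallPolicy registry prefix and the System32 path prefix are all assumptions made for the example; the event lines are constructed and not from the analysed sample.

```python
"""Re-derive the report's behaviour signatures from raw sandbox events.

Added example, not tria.ge code. Event format, indicator lists and
registry/filesystem prefixes are assumptions, not taken from the report.
"""
import re
from urllib.parse import urlsplit

# Constructed events (not from the real run), one per line:
#   <pid> <event_type> <target>
SAMPLE_EVENTS = """\
1234 regset HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall
1234 dns api.ipify.org
1234 http https://api.ipify.org/?format=json
1234 filewrite C:\\Windows\\System32\\tasks\\updater.dll
5678 filewrite C:\\Users\\Admin\\AppData\\Local\\Temp\\sqlite.dll
5678 dns www.microsoft.com
5678 filewrite C:\\Users\\Admin\\system32\\notes.txt
"""

# Assumed indicator lists; the report does not say which service was used.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
    "ipinfo.io", "checkip.amazonaws.com",
}
# Assumed: the key the Windows Firewall service reads its policy from.
FIREWALL_POLICY_KEY = (
    r"hklm\system\currentcontrolset\services\sharedaccess"
    r"\parameters\firewallpolicy"
)
SYSTEM32_DIR = r"c:\windows\system32"

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<kind>\w+)\s+(?P<target>.+)$")


def parse_events(text):
    """Parse the line format above into dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def host_of(target):
    """Lower-cased hostname of a bare DNS name or of a URL."""
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    return target.lower()


def path_under(path, prefix):
    """True if a Windows path/registry path lies under prefix.

    Case-insensitive and component-aware, so C:\\Windows\\System32foo
    and C:\\Users\\x\\system32 do not match the System32 prefix.
    """
    p = path.lower().replace("/", "\\")
    return p == prefix or p.startswith(prefix + "\\")


def match_signatures(events):
    """Return {signature_name: [matching events]} for signatures that fired."""
    hits = {
        "Modifies firewall policy service": [],
        "Looks up external IP address via web service": [],
        "Drops file in System32 directory": [],
    }
    for ev in events:
        kind, target = ev["kind"], ev["target"]
        if kind in ("regset", "regcreate") and path_under(target, FIREWALL_POLICY_KEY):
            hits["Modifies firewall policy service"].append(ev)
        elif kind in ("dns", "http") and host_of(target) in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev)
        elif kind == "filewrite" and path_under(target, SYSTEM32_DIR):
            hits["Drops file in System32 directory"].append(ev)
    return {name: evs for name, evs in hits.items() if evs}


if __name__ == "__main__":
    for name, evs in match_signatures(parse_events(SAMPLE_EVENTS)).items():
        pids = sorted({e["pid"] for e in evs})
        print(f"{name}: {len(evs)} event(s), pid(s) {', '.join(pids)}")
```

On the constructed log, pid 1234 fires all three signatures while pid 5678 fires none: its System32 write is under a user profile, and its DNS query is not to an IP-lookup host. The IP-lookup match is by hostname rather than by substring of the URL, so a query to a look-alike domain is not counted as a hit.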

MITRE ATT&CK Enterprise v15

Tasks