Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

build-3.0.1/Celex.exe

windows7-x64

1

build-3.0.1/Celex.exe

windows10-2004-x64

1

build-3.0....ap.exe

windows7-x64

8

build-3.0....ap.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    build-3.0.1.rar

  • Size

    5.7MB

  • Sample

    241006-g7e1csvapr

  • MD5

    166137adfc60178aca3e7c2dc4e20577

  • SHA1

    d7b90e3a877655b109a321fde0a37849a5aa5636

  • SHA256

    deba4aff8b58f3bb40568e31a4a609b7d1993d2552ae453e09cf86899f2201f5

  • SHA512

    95b2914dc29c0d22e468c961b9af7ba15af92d96157aa2c82885ddd2f76ac56c0bbd00e89029c7d01fac9af9cf5a0df232b6b75ef21b09606fb5ed86c8df7103

  • SSDEEP

    98304:cjolqZx/83nDY8fNK1MPNwmNwdFePJFO75SvwLF0ePStki4bexTBws9u/BlQuklk:x8H8Xc8fNgMiRdFOC90eqQexTBXc/nQO

Score
8/10
defense_evasionpersistence

Malware Config

Targets

    • Target

      build-3.0.1/Celex.exe

    • Size

      6.0MB

    • MD5

      22fdd8d1c8cec119c14015c4f1c2c87f

    • SHA1

      1bbbc6a0c3398bec3d0e26e40c4c945f6deb9d1f

    • SHA256

      ff47573b279a1daa242996b43af06634a8694ada0409d38982d63332b5c23011

    • SHA512

      cfcf4de9edb562fc53d29693df9e95cceea87e7e026185a2e9fc2975e7d866b4774ed17f30ea9430a54ef8291e1213732875959159771f6949f8d65cc3bc09f7

    • SSDEEP

      98304:7UC5K/I+aRCgcFNR02Ve1vDa6/utFGns7KUxRmhrb+L+3MDQY6neraIN0Bl5:pK/RaIgcDR0Ue1vDXGSsnRKX+L+3IQYk

    Score
    1/10
    behavioral1behavioral2

    • Target

      build-3.0.1/mapper/Map.exe

    • Size

      416KB

    • MD5

      36c50332466b6e921edb79ea4b240278

    • SHA1

      5b858fb375235e7638b7cef22ca972d27ce9cacc

    • SHA256

      0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042

    • SHA512

      fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41

    • SSDEEP

      12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf

    Score
    8/10
    persistencedefense_evasion

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

      defense_evasion

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks