Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

999网址导航.htm

windows7-x64

3

999网址导航.htm

windows10-2004-x64

3

SkyDriveSetup.exe

windows7-x64

7

SkyDriveSetup.exe

windows10-2004-x64

7

�...��.htm

windows7-x64

3

�...��.htm

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26e44a5cf0faf8058e0c0493fff7ebaf_JaffaCakes118

  • Size

    4.4MB

  • Sample

    241008-27pj1s1emb

  • MD5

    26e44a5cf0faf8058e0c0493fff7ebaf

  • SHA1

    978ca9b5734dabada7fec0878129eca5b6f0b14d

  • SHA256

    a222bdf089f24ea1da86f7a6a6335acff90fc329ee9e0f7a21003fa42624869e

  • SHA512

    7bea0a15047681f29652f28dc054a64ea8540beb4f11562e0fb5f61ac6b73a5b808015264357a846274527ccd20eaee78092917719eaec016134712ac25018a7

  • SSDEEP

    98304:pu0qCweSbKLidzk8+ooxnDPSyp4u9hSfbTU3ljckkGt9Kj0jpOOm/:pudLbHzkBDSu9hSU3l4o9003U

Score
7/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      999网址导航.htm

    • Size

      101B

    • MD5

      75570b806f2c9930812b6b71c4f0d26c

    • SHA1

      111d0df233a973b15c7448bf96246d491655b0fd

    • SHA256

      afb5671178dc0edb69866c5cf996dcc237253187dcd4338265643fc904b94781

    • SHA512

      abf90fb21a2060ae6d2263da533ec2858ed46383d9dbf8769e7e4b0a5ecc77b6517a26d143d05f88807e2b1832fc982876dd32465bc2fd3f6680cc906bcb4e89

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      SkyDriveSetup.exe

    • Size

      4.9MB

    • MD5

      6961f3aec7f861c65091b8fb35086561

    • SHA1

      e3b0fb8d929898ad342002afa28cc265194efe90

    • SHA256

      cc9d7f28a00c0782658cfa90cfa69baebbb056d1838011f30782d2e96e2979fb

    • SHA512

      e0fb908d916647e0297e272ec1428f6b70e4538bfdc2e8a99f45308e3d73165661a0bc3ef1425e6e8ad3da3e321bea9f5a4e10dc4434aeb4d0addf34027464bb

    • SSDEEP

      98304:2qfhtV37w74C0CJmzevREdhOXQTFB74unJSqqgw3LFkkEGr3ra:JfXVrw7RRE2gTgunJSYw3LiWra

    Score
    7/10
    discoverypersistenceprivilege_escalation

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    behavioral3behavioral4

    • Target

      ذ˵.htm

    • Size

      3KB

    • MD5

      3a7e9e5ad3c30b81eafe94c577728cd2

    • SHA1

      1003c4d73fd36da952aa21c78d156c46cc236846

    • SHA256

      a8e5c8ca6d0f3136561d7eed75bea2117f5fa9ea4611e37d544ef97b5dd031cc

    • SHA512

      30734810ce2d71183c05d80ad751d786c0800799fdbb273e563585611d4178a31bc90674b31ec27771c0795705c8992c79f2ac5dde416df2825338794a6a3971

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks