General
- Target: 26e44a5cf0faf8058e0c0493fff7ebaf_JaffaCakes118
- Size: 4.4MB
- Sample: 241008-27pj1s1emb
- MD5: 26e44a5cf0faf8058e0c0493fff7ebaf
- SHA1: 978ca9b5734dabada7fec0878129eca5b6f0b14d
- SHA256: a222bdf089f24ea1da86f7a6a6335acff90fc329ee9e0f7a21003fa42624869e
- SHA512: 7bea0a15047681f29652f28dc054a64ea8540beb4f11562e0fb5f61ac6b73a5b808015264357a846274527ccd20eaee78092917719eaec016134712ac25018a7
- SSDEEP: 98304:pu0qCweSbKLidzk8+ooxnDPSyp4u9hSfbTU3ljckkGt9Kj0jpOOm/:pudLbHzkBDSu9hSU3l4o9003U
Static task
- static1

Behavioral task: behavioral1
- Sample: 999网址导航.htm
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 999网址导航.htm
- Resource: win10v2004-20241007-en

Behavioral task: behavioral3
- Sample: SkyDriveSetup.exe
- Resource: win7-20240903-en

Behavioral task: behavioral4
- Sample: SkyDriveSetup.exe
- Resource: win10v2004-20241007-en

Behavioral task: behavioral5
- Sample: ذ˵.htm
- Resource: win7-20240903-en

Behavioral task: behavioral6
- Sample: ذ˵.htm
- Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 999网址导航.htm
- Size: 101B
- MD5: 75570b806f2c9930812b6b71c4f0d26c
- SHA1: 111d0df233a973b15c7448bf96246d491655b0fd
- SHA256: afb5671178dc0edb69866c5cf996dcc237253187dcd4338265643fc904b94781
- SHA512: abf90fb21a2060ae6d2263da533ec2858ed46383d9dbf8769e7e4b0a5ecc77b6517a26d143d05f88807e2b1832fc982876dd32465bc2fd3f6680cc906bcb4e89
- Score: 3/10

Target: SkyDriveSetup.exe
- Size: 4.9MB
- MD5: 6961f3aec7f861c65091b8fb35086561
- SHA1: e3b0fb8d929898ad342002afa28cc265194efe90
- SHA256: cc9d7f28a00c0782658cfa90cfa69baebbb056d1838011f30782d2e96e2979fb
- SHA512: e0fb908d916647e0297e272ec1428f6b70e4538bfdc2e8a99f45308e3d73165661a0bc3ef1425e6e8ad3da3e321bea9f5a4e10dc4434aeb4d0addf34027464bb
- SSDEEP: 98304:2qfhtV37w74C0CJmzevREdhOXQTFB74unJSqqgw3LFkkEGr3ra:JfXVrw7RRE2gTgunJSYw3LiWra
- Score: 7/10
- Signatures:
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Drops desktop.ini file(s)

Target: ذ˵.htm
- Size: 3KB
- MD5: 3a7e9e5ad3c30b81eafe94c577728cd2
- SHA1: 1003c4d73fd36da952aa21c78d156c46cc236846
- SHA256: a8e5c8ca6d0f3136561d7eed75bea2117f5fa9ea4611e37d544ef97b5dd031cc
- SHA512: 30734810ce2d71183c05d80ad751d786c0800799fdbb273e563585611d4178a31bc90674b31ec27771c0795705c8992c79f2ac5dde416df2825338794a6a3971
- Score: 3/10