General

  • Target

    d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7N

  • Size

    159KB

  • Sample

    241011-2bt5maxdje

  • MD5

    226dece4190c782f6179d9636e3646e0

  • SHA1

    1ab7c2fd1a06447eaf6999010e282a08ad66b264

  • SHA256

    d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7

  • SHA512

    f4f0f2b52362064ab1a8da0e73a9ae6cfd2e7542e42dceebdd3d2096ff9d19ade1206159e4fa301c28b148845363d41e5a9344f5fea9d7b8ad280318d2d876b9

  • SSDEEP

    3072:4ZMJnTeM4cJJHOSxtwbsDHxDYvGw7rgdVikMf7qkIW+K:UeTeM/bOSxusDHRYu6gdVihp

Targets

    • Target

      d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7N

    • Size

      159KB

    • MD5

      226dece4190c782f6179d9636e3646e0

    • SHA1

      1ab7c2fd1a06447eaf6999010e282a08ad66b264

    • SHA256

      d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7

    • SHA512

      f4f0f2b52362064ab1a8da0e73a9ae6cfd2e7542e42dceebdd3d2096ff9d19ade1206159e4fa301c28b148845363d41e5a9344f5fea9d7b8ad280318d2d876b9

    • SSDEEP

      3072:4ZMJnTeM4cJJHOSxtwbsDHxDYvGw7rgdVikMf7qkIW+K:UeTeM/bOSxusDHRYu6gdVihp

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    • Score

      3/10

    • Target

      $PROGRAMFILES/Funshion Online/Funshion/m

    • Size

      100KB

    • MD5

      ffa9a7df6480ff67b5492f7a118e1b4b

    • SHA1

      2fdd98953d7dbff5f027cdff4b34f33c90374101

    • SHA256

      9f68c06375e0c5b624e81938ad8df51ea3053b7100c7e96adeee5e5207d2d5c3

    • SHA512

      c90cac6640b7f104903003f3d2adfd7a64aea23e6465e951e155b5616b884b536227ba6b4d8be95bf9f788e607a098606c82e9925136e9397f7fe330f171fb60

    • SSDEEP

      1536:WyZMSZFvknTePMZd4k4kJJM4Romu/5M7HVtfVt+gTXBUZ0qeUxVzef6i0lixG/HZ:xZMJnTeM4cJJM45DjVhDOZzxVayrrdZp

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Sets service image path in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PROGRAMFILES/Intel/yFMSUL.exe

    • Size

      11KB

    • MD5

      a4ee3b862cbed8c2d12ed4417da46de5

    • SHA1

      e3ff3b42ad2ef5c6b5a255f261d49bfb9209f183

    • SHA256

      e0c17f93b8de19524ad4092bc2e2e78e91985acef5740c95cdb577bcd5b63c62

    • SHA512

      f03b1cc3226c3ff64c4b8ca5ff3372b221228a71077172de6435ac6af024d9d94f43acf7464c1f461e8124fc677d765ebfd27a076b1f253a7a682ef8751c75d0

    • SSDEEP

      192:SczFy0JIZgAtxlw/OQoP1hscuLhIE0MlCMKrNqb9D:7zU0CZgAtbwN81hscuqslCBR4D

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PROGRAMFILES/Windows Media Player/jcxb.exe

    • Size

      12KB

    • MD5

      cac39e1fc84fda5c1179404ea0e7de52

    • SHA1

      8f5ece3b85495dc92c7004d36bf7daa56b3bb43b

    • SHA256

      f457b697c1b74807da7f840a7a927bad817b03d9a19d9b211d3d2c7d5bb9e0cc

    • SHA512

      5227f346bb9eb5a0fac15a700b247f73d7761adfc7190543dd0ac47b0a2882484af705ce03c1fe3da3e2489954e2dcf6add198d0cf6d54b5303a258e3d4a84a3

    • SSDEEP

      384:iy5CBZYz3rDIs1jvEoIILAPBjFtwvcXC6ma3:iMgZQbMs1qIQFFNy6ma

    • Score

      5/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Hash-MD5֤.exe

    • Size

      28KB

    • MD5

      c32dc8425b51bd5a89523a70a475fa3d

    • SHA1

      e77137c1ece33cc882f5b3e4c7f5676c69d97106

    • SHA256

      d18592ddb146d079f5b58c26a213eb0f377e0291b7f0aa08e6574968b71f8614

    • SHA512

      8be5df21ffcb2389a16a8e557deac38e8a7135eadeb0707cf8f5fba5e6e0c97e57ddca79b93809d7b199b3d8dcda10139850f08517a1c2e0c0a1c86a1a2148f5

    • SSDEEP

      384:Zgaq3bc4ivsSLzwG27W6k2TzFtwX7ryFsoqN1XA8E3wH4MZd9R41PJxBSUeJ:qaq3bc4ivsMwUBLrZncBxBSJ

    • Score

      3/10

    • Target

      uninst.exe

    • Size

      33KB

    • MD5

      681f025c5d03e74b5d200300f2927a07

    • SHA1

      336161a0e1b1593711fb097f495c9b4b4b88fbc2

    • SHA256

      744f8847f96d6c1e1fcb0ef0cb6714d1fa287acf465c90a9643c3e3d5de5ab47

    • SHA512

      c4279036db2e8879755e19adfc3e0ad24632f69eac38c778285602e2586611633da567a078faf4cd07bbe1c216d42c9b14685d6f00f7c2f7e3ac0a36d917d456

    • SSDEEP

      768:phMZ0dF4ZFvQbn+eePu3cIQGCGbiC4k42M3wJJdgM:pyZMSZFvknTePMZd4k4kJJdgM

    • Score

      7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
