Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis overview (per-task scores out of 10; file names are truncated as shown on the page)
Overview: 8
Static: 5
d215cf3550...7N.exe, windows7-x64: 7
d215cf3550...7N.exe, windows10-2004-x64: 7
$PLUGINSDI...ns.dll, windows7-x64: 3
$PLUGINSDI...ns.dll, windows10-2004-x64: 3
$PROGRAMFI.../m.exe, windows7-x64: 8
$PROGRAMFI.../m.exe, windows10-2004-x64: 8
$PROGRAMFI...UL.exe, windows7-x64: 6
$PROGRAMFI...UL.exe, windows10-2004-x64: 6
$PROGRAMFI...xb.exe, windows7-x64: 5
$PROGRAMFI...xb.exe, windows10-2004-x64: 5
Hash-MD5֤.exe, windows7-x64: 3
Hash-MD5֤.exe, windows10-2004-x64: 3
uninst.exe, windows7-x64: 7
uninst.exe, windows10-2004-x64: 7
General
Target: d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7N
Size: 159KB
Sample: 241011-2bt5maxdje
MD5: 226dece4190c782f6179d9636e3646e0
SHA1: 1ab7c2fd1a06447eaf6999010e282a08ad66b264
SHA256: d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7
SHA512: f4f0f2b52362064ab1a8da0e73a9ae6cfd2e7542e42dceebdd3d2096ff9d19ade1206159e4fa301c28b148845363d41e5a9344f5fea9d7b8ad280318d2d876b9
SSDEEP: 3072:4ZMJnTeM4cJJHOSxtwbsDHxDYvGw7rgdVikMf7qkIW+K:UeTeM/bOSxusDHRYu6gdVihp
Behavioral tasks (sample, analysis resource)
behavioral1: d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7N.exe, win7-20241010-en
behavioral2: d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7N.exe, win10v2004-20241007-en
behavioral3: $PLUGINSDIR/InstallOptions.dll, win7-20240903-en
behavioral4: $PLUGINSDIR/InstallOptions.dll, win10v2004-20241007-en
behavioral5: $PROGRAMFILES/Funshion Online/Funshion/m.exe, win7-20240903-en
behavioral6: $PROGRAMFILES/Funshion Online/Funshion/m.exe, win10v2004-20241007-en
behavioral7: $PROGRAMFILES/Intel/yFMSUL.exe, win7-20240903-en
behavioral8: $PROGRAMFILES/Intel/yFMSUL.exe, win10v2004-20241007-en
behavioral9: $PROGRAMFILES/Windows Media Player/jcxb.exe, win7-20240708-en
behavioral10: $PROGRAMFILES/Windows Media Player/jcxb.exe, win10v2004-20241007-en
behavioral11: Hash-MD5֤.exe, win7-20240903-en
behavioral12: Hash-MD5֤.exe, win10v2004-20241007-en
behavioral13: uninst.exe, win7-20241010-en
behavioral14: uninst.exe, win10v2004-20241007-en
Malware Config
Targets

Target: d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7N
Size: 159KB
MD5: 226dece4190c782f6179d9636e3646e0
SHA1: 1ab7c2fd1a06447eaf6999010e282a08ad66b264
SHA256: d215cf3550092e9833a3f540caca905b73460f9b0ea0f97637aea5301e9389f7
SHA512: f4f0f2b52362064ab1a8da0e73a9ae6cfd2e7542e42dceebdd3d2096ff9d19ade1206159e4fa301c28b148845363d41e5a9344f5fea9d7b8ad280318d2d876b9
SSDEEP: 3072:4ZMJnTeM4cJJHOSxtwbsDHxDYvGw7rgdVikMf7qkIW+K:UeTeM/bOSxusDHRYu6gdVihp
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: $PLUGINSDIR/InstallOptions.dll
Size: 14KB
MD5: 0dc0cc7a6d9db685bf05a7e5f3ea4781
SHA1: 5d8b6268eeec9d8d904bc9d988a4b588b392213f
SHA256: 8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
SHA512: 814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
SSDEEP: 192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score: 3/10

Target: $PROGRAMFILES/Funshion Online/Funshion/m
Size: 100KB
MD5: ffa9a7df6480ff67b5492f7a118e1b4b
SHA1: 2fdd98953d7dbff5f027cdff4b34f33c90374101
SHA256: 9f68c06375e0c5b624e81938ad8df51ea3053b7100c7e96adeee5e5207d2d5c3
SHA512: c90cac6640b7f104903003f3d2adfd7a64aea23e6465e951e155b5616b884b536227ba6b4d8be95bf9f788e607a098606c82e9925136e9397f7fe330f171fb60
SSDEEP: 1536:WyZMSZFvknTePMZd4k4kJJM4Romu/5M7HVtfVt+gTXBUZ0qeUxVzef6i0lixG/HZ:xZMJnTeM4cJJM45DjVhDOZzxVayrrdZp
Signatures:
- Sets service image path in registry
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory

Target: $PROGRAMFILES/Intel/yFMSUL.exe
Size: 11KB
MD5: a4ee3b862cbed8c2d12ed4417da46de5
SHA1: e3ff3b42ad2ef5c6b5a255f261d49bfb9209f183
SHA256: e0c17f93b8de19524ad4092bc2e2e78e91985acef5740c95cdb577bcd5b63c62
SHA512: f03b1cc3226c3ff64c4b8ca5ff3372b221228a71077172de6435ac6af024d9d94f43acf7464c1f461e8124fc677d765ebfd27a076b1f253a7a682ef8751c75d0
SSDEEP: 192:SczFy0JIZgAtxlw/OQoP1hscuLhIE0MlCMKrNqb9D:7zU0CZgAtbwN81hscuqslCBR4D
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PROGRAMFILES/Windows Media Player/jcxb.exe
Size: 12KB
MD5: cac39e1fc84fda5c1179404ea0e7de52
SHA1: 8f5ece3b85495dc92c7004d36bf7daa56b3bb43b
SHA256: f457b697c1b74807da7f840a7a927bad817b03d9a19d9b211d3d2c7d5bb9e0cc
SHA512: 5227f346bb9eb5a0fac15a700b247f73d7761adfc7190543dd0ac47b0a2882484af705ce03c1fe3da3e2489954e2dcf6add198d0cf6d54b5303a258e3d4a84a3
SSDEEP: 384:iy5CBZYz3rDIs1jvEoIILAPBjFtwvcXC6ma3:iMgZQbMs1qIQFFNy6ma

Target: Hash-MD5֤.exe
Size: 28KB
MD5: c32dc8425b51bd5a89523a70a475fa3d
SHA1: e77137c1ece33cc882f5b3e4c7f5676c69d97106
SHA256: d18592ddb146d079f5b58c26a213eb0f377e0291b7f0aa08e6574968b71f8614
SHA512: 8be5df21ffcb2389a16a8e557deac38e8a7135eadeb0707cf8f5fba5e6e0c97e57ddca79b93809d7b199b3d8dcda10139850f08517a1c2e0c0a1c86a1a2148f5
SSDEEP: 384:Zgaq3bc4ivsSLzwG27W6k2TzFtwX7ryFsoqN1XA8E3wH4MZd9R41PJxBSUeJ:qaq3bc4ivsMwUBLrZncBxBSJ
Score: 3/10

Target: uninst.exe
Size: 33KB
MD5: 681f025c5d03e74b5d200300f2927a07
SHA1: 336161a0e1b1593711fb097f495c9b4b4b88fbc2
SHA256: 744f8847f96d6c1e1fcb0ef0cb6714d1fa287acf465c90a9643c3e3d5de5ab47
SHA512: c4279036db2e8879755e19adfc3e0ad24632f69eac38c778285602e2586611633da567a078faf4cd07bbe1c216d42c9b14685d6f00f7c2f7e3ac0a36d917d456
SSDEEP: 768:phMZ0dF4ZFvQbn+eePu3cIQGCGbiC4k42M3wJJdgM:pyZMSZFvknTePMZd4k4kJJdgM
Score: 7/10
Signatures:
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15 (technique, number of matching behaviours)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Browser Extensions (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (4)
- Pre-OS Boot (1)
  - Bootkit (1)