Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

v/9PbHH.dll

windows7-x64

7

v/9PbHH.dll

windows10-2004-x64

7

v/Skin.dll

windows7-x64

5

v/Skin.dll

windows10-2004-x64

5

v/VEzOD.dll

windows7-x64

7

v/VEzOD.dll

windows10-2004-x64

7

v/War3Shout.exe

windows7-x64

5

v/War3Shout.exe

windows10-2004-x64

5

v/pe.dll

windows7-x64

5

v/pe.dll

windows10-2004-x64

5

v/v.exe

windows7-x64

7

v/v.exe

windows10-2004-x64

3

启动VK.exe

windows7-x64

7

启动VK.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f17c5161c07395d1d4241a666f4e83e_JaffaCakes118

  • Size

    4.5MB

  • Sample

    241013-ljdvlstgrp

  • MD5

    3f17c5161c07395d1d4241a666f4e83e

  • SHA1

    a9509ceca32df124b50a1ca971fc48c52aa36809

  • SHA256

    cfac663ce6d6b69fa74c1e5dda175f82b4d3e83d4a52da8b0777fa707689211f

  • SHA512

    adda297381f7ae61fe10f2740ddcf2b520b590a64b2ceeb1e0aa0b3d9d49bc260084b0371f9e1eb158bf8a73763a01f6281d8c0b31df56201a1e968e86c4937d

  • SSDEEP

    98304:1ZqFcd/B9nIVGUZmFyA5sQcAgnVdinjY96j8S61x8nLs9+WPsMZrNf:1HdZRIvZMyKUnVGjroS61an4EWPxZrNf

Score
7/10
discoveryupxvmprotect

Malware Config

Targets

    • Target

      v/9PbHH.dll

    • Size

      2.2MB

    • MD5

      137a8d46464c7b6647f72c5eb45419fa

    • SHA1

      14f7f6ec079b54a227d68917b5de07996358a41b

    • SHA256

      7ccb8b5d3941127c59395e1cba959f9c063d5fd61b75b4e2e7fd293627b196e7

    • SHA512

      aac6f38ce21989c4fdad0a29b4669d442ae6856f36bc045efa9dc82e9054bfa562cc71ab4bf3854dccd3655c67fc0f50ed72f6bc6306fe3f96c0da6e1eaac095

    • SSDEEP

      49152:F6QzGPQauBHygDa3/B3MXfN8Z3liQFuD8gD9zVpU0JUVY6m4em3AC:UIGIacuB8XF8B49zwsUVhm4e

    Score
    7/10
    discoveryvmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      v/Skin.dll

    • Size

      90KB

    • MD5

      343a0dd8583bd6d9c54cd55e123fa190

    • SHA1

      57e7ff6d549d5e4ff37cf9c1d5c6ffb1d19451d4

    • SHA256

      4aa1d937eff6fe54bcabc5a30f79ac2b4a60c91fe0ed4e5b4b66855ada144908

    • SHA512

      c9293b0eb0877cee244c4c511b774ca596b7bb01105e32f7eb7bb11fc811d51bbd1bf356f163374837e80a69f2621d6771e4d03ec6c4bad19652154745718e00

    • SSDEEP

      1536:QnimkAvYjZQrxE6jgaSwu/FNpWy9Q6uDuZNBSQ7c/zD+L9YpVuBbqoWuK0Es:QnHQZExnjgaSwuNNpJy6uDCNh7aD+hYO

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      v/VEzOD.dll

    • Size

      904KB

    • MD5

      253243efa1f7f981be13536bf0b37ee8

    • SHA1

      71456fe201419f4d6003d8ca175ce70a04ae0190

    • SHA256

      60b4b829baa82ef80f2f7a5f307480b0d59fb5a1f1d436bb5534143936803308

    • SHA512

      a58ae4053d6db9c449d05c58217a2314ef95a6d2eb93e8c0b254b34e18a626f61bfd4400e3d8d99bafe786b693cc7ac06f77fc0800f07f28ea0fced085ec2545

    • SSDEEP

      24576:henowC/krhizl52AJdYjwF1OD5spbKzzg:heAhUA/Jpb

    Score
    7/10
    discoveryvmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    behavioral5behavioral6

    • Target

      v/War3Shout.exe

    • Size

      34KB

    • MD5

      5379ba27f462d4d0805461a9c5f7d638

    • SHA1

      2ef57fe4bf6b021392d223b17c596b2cfaf3e1dd

    • SHA256

      d188663c4cb249c3af45c6cbd31cc01f0a2be206b95c8500e2a96db26134e781

    • SHA512

      09884f62784b15c52252dc4789feb6e0d72161e397433834ece06817ba563d17a3aed003ae53f87964075dff3a13d9b3f55fdd45bfdbf7b354e82bc6a405eb2e

    • SSDEEP

      768:8/5yKouxljKvAaowrjZKaQ/qYnd6Ck9xg+nBZH2MlwWe:65VouxljKvZnZHNdWMOr

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral7behavioral8

    • Target

      v/pe.dll

    • Size

      15KB

    • MD5

      9fc93047d88741e9d5382dc7309f7379

    • SHA1

      a8a237db66e374f9ed798e481678f9d5f8f80a15

    • SHA256

      7fc33b4e2d7e4291a4599ffcbefe2e5772e3d53fbaaad32b54f10e8aada953ce

    • SHA512

      86c181aad81a33cc243142ca0a2217e9414ffb5f5769d0538e9522f226840c94cf14ee3c71dcac2365ee6da99f81713cb32478abdf0312181c327aab34404325

    • SSDEEP

      192:sDi0J0YW6wt5yZ7H2/UC1aADEprQtUYd7qQJIApg98fbRAQQ/Lt7qozp5ZinaxCV:s20X1Z7/C1BEprQtU6lBDRi/xOhag4K

    Score
    5/10
    discoveryupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral10behavioral9

    • Target

      v/v.exe

    • Size

      2.1MB

    • MD5

      4f6c09480ef5f7a4adf9179ae871c353

    • SHA1

      6186f27d9769460c2327ded74269dbd2c237f1b2

    • SHA256

      ea9a07fabd737229a5a230398b40ca2b73ceef44a17d1c52555a339eafd89c41

    • SHA512

      f89a4fb314e4f3c8216179ac04c908dd8fa4305c272272af4e6e9b85cd0a3738f7c06e263372e3f15550ba26334480882a31a70863468c4ab2c2ea3b7ead669f

    • SSDEEP

      24576:zSHvVDWZnUiwhAC2d2DN5VKXUSCi9wVXLxyLQJNyET/WAcjZRBKRDcL:zYq7dC2d2DN5gXUA9KxyLQRT/9clf4A

    Score
    7/10
    discovery

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral11behavioral12

    • Target

      启动VK.exe

    • Size

      44KB

    • MD5

      b9d83695fd09784e44213c62a5f350fc

    • SHA1

      e4d822e72d30badae5116263360c6d2ae1aaa819

    • SHA256

      e6697e51280e96d33ca7cd8bef7d8590f30e8d01420e4666c5e7a8de8bb3093a

    • SHA512

      610fa68978ae298e852e469f31c90038107a170e936c5461f35c658ff2edbe29e4fad89219e0603210ccf7dacc989722842d340495178615b30e93c70b181e8d

    • SSDEEP

      384:lBdQaH8DN3lFWqSsToP1lyU0hmtHEL0hmEoP1ly+FWqSsCdQaH8DN3:lBdLcp1gsov9vHELaovJgpdLcp

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral13behavioral14

MITRE ATT&CK Enterprise v15

Tasks