General

  • Target

    ZEHAHAHA.exe

  • Size

    30.4MB

  • Sample

    241201-jpggksymgx

  • MD5

    d3daed0c9c1f809601ea7683b007380c

  • SHA1

    1b46c16855ea23e22c6ec45444241a55bc58cef6

  • SHA256

    2a7bbfcf72ac2ba1d70b42481809113979f2999bedee9ec2a860a3e1c51994b6

  • SHA512

    0da2c32e73132af01096a0f89009e697a6dfb2b30a3a0b740e809accddedefb731a9beebd25a8c21ca363f7be1660f8e90527f64c0397e2c8c9901199cc9b5d8

  • SSDEEP

    786432:e+iIZUW8rm1NddbOzcY8761MZ6deV8v0W5w68gv/FvM+0:I5WqmddCE7tdhW7/K+

Malware Config

Targets

    • Target

      ZEHAHAHA.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

MITRE ATT&CK Enterprise v15

Tasks
