General
-
Target
USB Safe.rar
-
Size
15.4MB
-
Sample
250214-mlpkkasraj
-
MD5
d287e12e0c59883d2b2c5d89c960a480
-
SHA1
c292c149267d83a9b3097957d0567cf0c7c882b8
-
SHA256
9188d34a4ab1316f3f5e47287a32bec55b33a56b45a4aee8a99a2fff7a95b4e6
-
SHA512
149da0498f0958527f993b075ba53e8f013169c3d91c9726b45a1c26330c7a73a85892f7cb4faa549015302194ec4f2bed88b6b30ff5b5f0cb2c5169a5e69ef1
-
SSDEEP
393216:JsqlmA1q6DjN6V9MvUi6WuNq0cPN/PGYsEFigiwYkIfgjQ:eqlt1qIja9XWuIvF/ElBDkIfGQ
Behavioral task
behavioral1
Sample
USB Safe.rar
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral2
Sample
Client.exe
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral3
Sample
DKey.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral4
Sample
HPSafeBox/con.{d3e34b21-9d75-101a-8c3d-00aa001a1652}
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral5
Sample
HPSafeBox/desktop.ini
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral6
Sample
ProgramData/EasyHook32.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral7
Sample
ProgramData/EasyHook64.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral8
Sample
ProgramData/FP/FP.exe
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral9
Sample
ProgramData/Key.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral10
Sample
ProgramData/WndHook.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral11
Sample
ProgramData/cscore.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral12
Sample
ProgramData/cscore.ini
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral13
Sample
ProgramData/cscore64.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral14
Sample
ProgramData/splayer/CSMX.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral15
Sample
ProgramData/splayer/Esdll.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral16
Sample
ProgramData/splayer/IVMSource.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral17
Sample
ProgramData/splayer/PmpSplitter.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral18
Sample
ProgramData/splayer/RadGtSplitter.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral19
Sample
ProgramData/splayer/SVPDebug.log
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral20
Sample
ProgramData/splayer/atrc.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral21
Sample
ProgramData/splayer/binkw32.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral22
Sample
ProgramData/splayer/csfcodec/ijl15.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral23
Sample
ProgramData/splayer/csfcodec/mpc_mcucltu.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral24
Sample
ProgramData/splayer/csfcodec/mpc_mcufilecu.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral25
Sample
ProgramData/splayer/csfcodec/mpc_mdssockc.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral26
Sample
ProgramData/splayer/csfcodec/mpc_mtcontain.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral27
Sample
ProgramData/splayer/csfcodec/mpc_mtcontrol.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral28
Sample
ProgramData/splayer/csfcodec/mpc_mxaudio.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral29
Sample
ProgramData/splayer/csfcodec/mpc_mxrender.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral30
Sample
ProgramData/splayer/csfcodec/mpc_mxscreen.dll
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral31
Sample
ProgramData/splayer/lang/default
Resource
win10ltsc2021-20250211-en
Behavioral task
behavioral32
Sample
desktop.ini
Resource
win10ltsc2021-20250207-en
Malware Config
Targets
-
-
Target
USB Safe.rar
-
Size
15.4MB
Score
8/10
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Client.exe
-
Size
7.9MB
-
MD5
d8df0c89310c5a850463acca62dac85b
-
SHA1
8a935be60e94faecb45aaa4ee3ffb5fddc63bc40
-
SHA256
c3c0ade7602bb49a44151de1b9e4fa163dd9fb05ec0926487a4f8fe16e21f1d7
-
SHA512
e33a7889bc0ab671a82128ac89a6dc6bcfa7b995dfdee207ea74f49ad54fee65922e5d6309dc8c2519c846291478ab4c38e2d9103e03e6bd9d785681d6728956
-
SSDEEP
98304:/BsZWJnNOvsHI0sFcHxORqirwiPzBWJF8C5sewNHDHjww0MHJINXi8ShRIk2Dp:/egNOPqewCzBWJGzekDHjyMHJINXi+FV
Score
1/10
-
-
-
Target
DKey.dll
-
Size
1.7MB
-
MD5
aeaa1185dc3be5f9f76b18a192889f9f
-
SHA1
79707a02c5428a96a81ffa8152d63b304fc0f5cb
-
SHA256
9cab9e35a1d5630a0859ba90f2423d1776a83875884b4e4688151d2658d0d4ad
-
SHA512
b59cb486987cfa094f00b11add352b5921d602cb4d014cb49b0e029db171a1fc9690033726c507145b7222d47a683498aef0ea29693d99896013cc6c0036fce2
-
SSDEEP
49152:cKDQzWBO55iJseGX5zMMpwzPYipkEVdRJmnCUU:JwWBO55iGegzMMpwzzkkdRJmna
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
HPSafeBox/con.{d3e34b21-9d75-101a-8c3d-00aa001a1652}
-
Size
1023B
-
MD5
ee4325c998d610499ef9749837313581
-
SHA1
60ee67886d16ca6692e2a679d90d9b9fec380177
-
SHA256
5724796860baa23469b3118eff2567c96a0b64b7dadaf99eafb7ba3c65b9aa56
-
SHA512
9fd2931ec70d5cbe1e9b75c1c0707746f0ca955cbd510e98d477d7d4bdd80dcd7b6215c1994a15957800631a5ef46d3471da2f27cdafb8bc2166027033e8fedc
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
HPSafeBox/desktop.ini
-
Size
65B
-
MD5
a5c5dc02cba5ae10aac7999adf4ea70c
-
SHA1
69279dc085b241c748509aa7596f03947658dcb8
-
SHA256
59532944e365d35309ad02557e2ae313003a76e300ee2b176257d9c52f44d15b
-
SHA512
e9425329dae232f30c1a2c6955694b2379d227f2c8d9f80b130ecbf5d8752efd89e5c78c48e0a6c1101d26c8baffa4cfd0dd77758bbb1f9a29144247b91d9f4c
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/EasyHook32.dll
-
Size
824KB
-
MD5
259ece8eb25fe3eecb1ff4b6ad2a3195
-
SHA1
cbb5576f44381fe3f59dd6f1191bbfae1e3f4a91
-
SHA256
b71d3930b1fe80f5e4c93314548281e1c4dd387fc3b3802e84eee769705d5592
-
SHA512
1466ba0d9d68e822597ffe92b9f394052b87c9c31715bbee0afa5b534cade01b90634235159d9f9d715257d753a3407534b54bc64ce653b39214e184ba52d718
-
SSDEEP
12288:zryjIUB8IGNi9ZNxLDmgpDmzAY3yxZblqb:PYhBNzNBDmgkcZqb
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/EasyHook64.dll
-
Size
309KB
-
MD5
9c147e1d2d19ca54105c264d6811ea66
-
SHA1
3f99ddc4b059bf77dcfa92c27688b8f47721c586
-
SHA256
6d0d69beeebfc0957e520c407f3afdaec6083492706323be101dab8d0331f340
-
SHA512
ef00b6b6818730f3f5101d4a35c822ca2018f614b0a1a688e0e4a5721fa1db7b94955d3891f1cea3902a41664f9674aabdf42aa78932eb1c3b65f15280ee022b
-
SSDEEP
3072:EP2IdWX/yTN3FJEPPfiB9WEAmX6QadqJ7kEjSrVaBYpB5OBEOirclYOaCKk:EP2uTNVJCXS9fAuMqFkEEVaZi21aCF
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
ProgramData/FP/FP.exe
-
Size
3.8MB
-
MD5
43c88dc6b8e0a2e94098a393c34be75d
-
SHA1
4fc0c135a5ec92f78e0faa3ab6554a00b0934f52
-
SHA256
bb4f28feaa3b2eea18914566057060ec4f0e9c6b989431d1b2f0c522d7f49ca2
-
SHA512
139721e3d23e36e48342632d82de030eba12925ddaaa2cf2c7c2968e102dff2d6eec43ade61dc4bf72e028150178b73e2884a1f35f53cb6144b0721d82aa2745
-
SSDEEP
49152:ymLz1PQXX9DRMJHY6ajzgONnl3qav34XSmcJdJETG6jN:1z1PONuHfcNlq3i6x
Score
1/10
-
-
-
Target
ProgramData/Key.dll
-
Size
94KB
-
MD5
1ad69a079523e303f5f88edbdc233f0b
-
SHA1
1b805c74186ec609e2ab5f5e24b6c27c251f594b
-
SHA256
73d76248b52994ecbb7a14ef9c2b848c3cf116dd03c2d456dfa41d53bcb9aab4
-
SHA512
d99babf9d2aad929edaef9949cea378c3a139350d32720e29feab7fc4421a1861e3cf6bf0c2dd6a14aa4aa6d9d0373b001b2610d44cc821b2d19b6193c399f9e
-
SSDEEP
1536:3jqjoQ3Qa9bYHcZ8b+6goplj+b9pCd2ZC7wY6KKMf91FWqTFg1I9m78g:ioROMq8a6fplj+b9pCd2ZC7wY6lMl1F2
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/WndHook.dll
-
Size
84KB
-
MD5
925e55e8b9cdb85baa0ddbc47cfec1e5
-
SHA1
161d9193f8205cd697d5c7884bc6e440ba68f531
-
SHA256
688a0180608bf8a695dbea17b87a6144c4377163789d20390d23d26e2fda3c0f
-
SHA512
76d34b5dc953675066c08f697c75d9fbda7a0c154e79594d380ca0f58404155a8fc3f041a1bf5aeb58b562911471b1c8396096ea0afe1ec09d00e2377c064c25
-
SSDEEP
1536:6fH1IU+GDOjVEQmm34gVBuuacFWSI4sWjcdwLjV9EgGghJ:oH1j3OjVdBJWSInUV9Eg5
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/cscore.dll
-
Size
427KB
-
MD5
228db116a48b4b899684d811a37a5fc6
-
SHA1
26522bb91ccbd8374b158e6a6d55c6686f5b77f1
-
SHA256
767802fc704c0a9f74440f54a815d28981ae28af04737b75cfea680e90f26c01
-
SHA512
924ac7ba296b835d18c86ff8696a4b2e4a2414dcbf180ed58680ea415ee6114d52f0d44ec759df602cf3f0e1f5a63ab0c7241324e30f01090836c93408d2379d
-
SSDEEP
3072:+iR4gv5fme3zkbrPff8qYL1nIMZDbI7Abimak4MXYSovj+96x1ILXcX+2v0Dop4N:+e4g+ryRnIM75VWvxiTcX50x4LqsmsG
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/cscore.ini
-
Size
727B
-
MD5
69da9f188498da707d50efb7a5a629de
-
SHA1
9b71bdafa625e70060505ccdca04c9900b7543e1
-
SHA256
45ebb8b7020b4d04371dc30cc8d143db74f76bd9ef3f12d6bcbee4310aced532
-
SHA512
5d8a9264b8e4bb0e92b4dceabf4d6038537fd8c0c4910ff9606963d883640465c2b9846a6542acf54079b190a64b972899271786ae43d40ce34fccf5675b5b22
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/cscore64.dll
-
Size
315KB
-
MD5
b411aecf7ef863da1db80ba420b91003
-
SHA1
68aa0924ba2eac1e769055c68733cf2f68a52489
-
SHA256
3cbc464e7c5203aa02b59d8de1ad6c554aec202421011f51dd9d6c7f3bc7e2ad
-
SHA512
b5b7a14f34d57d7d4261d111b7d18b5e23d19fd9e254cc06f0af6d72bbce4e8fd2a46695dcbfc7e217dd5009c8886c8f67e1722d49b122da456320329e110e90
-
SSDEEP
6144:HS9FmJLwRy2xA74Urj3G7p5mvT4GJG18KSh2c2KzFDYQdpX:HaFA2x5UrDG6JG1NKpDL
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/CSMX.dll
-
Size
72KB
-
MD5
b6cfb690fe5997da0f07506c8982334f
-
SHA1
711182ef9a50748927cfac6aa5d1ad5efcb87db2
-
SHA256
571b72ffb844514cbb2d0d903929c56bd0b8f20c0fa0d3b6dadbfc6dc959f11c
-
SHA512
dd045a08d305e38ea5fe04759442531341b9d8977d077db803b1768811c2f17e7997d922187b733f22992723fef6ac3ec4481fd4497a90fd47cf4dc1e1a99777
-
SSDEEP
1536:5KhiggI4wvo1Aq9cBTEEob2oulvyYock5:5KhhgI4wvyAvt0Whock
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/Esdll.dll
-
Size
396KB
-
MD5
e7cf8ddd9941ba6e08e212d91759b174
-
SHA1
c6aa8e0fc0edef731f338422e122ceca00a0969d
-
SHA256
a012917b4567830f38b557f7466bf4a9a6b8af74f34bb7d336edefb1c93f3b09
-
SHA512
9d492cf1ff2d56ad66a200436eef15c8598d08130ed6735eede546b42659b951b4f3a11264876b46e5f637b9b37d7ee4f974e80be327e35072068394e9352956
-
SSDEEP
6144:Ds4753v/TKFs2BQ9lL+2Spp3vjteaheqajv+wQzy:Ds4753v/TKFs2BQ9lLHSpp/jttUWwQy
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/IVMSource.ax
-
Size
216KB
-
MD5
261ceeafb613f8ae1ec96814a0a4ed8f
-
SHA1
a6c16e93f48c7381708496dc718ea32debff445f
-
SHA256
6f73f81f6f50b533b2ae1111ad78ebc3600d41947012cfc0adbe9f790ac0c0fe
-
SHA512
a524b254c5c8833d0423d934dbb498fef5734aa42152b361bd0d1c345377224b9549a45027ddbea93918883a0e7601c9544407f0b17f93c45ef41fcc099110a5
-
SSDEEP
3072:sIIzd882eINJu9SSk3yOioUWgjaDt1x0QHYjFzVx0Z/LyyK9FRt8tThhiBhMThZ9:d6SSk3Hw8YZzVIzhrMBksIgFHg62
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/PmpSplitter.ax
-
Size
236KB
-
MD5
dc1defde4f0b51bd17332586d0962786
-
SHA1
06a6da68883b7ef5f515f9df9d58004b502d15bb
-
SHA256
fc4d9fbdfebec64d2d7207ceba6fec4ad8ec2b210ee07775577d4435ea5ad8e5
-
SHA512
01fd15256abd24deb758e6007bef77184fad94e945192dd650d9b01798ed974675b60d818f2d570fda9b2a8c6f27d1ab2d38b342a464613079adfa34a2b4f83b
-
SSDEEP
6144:kOKxw3fICwnQQABCZs04tq4t+9U0P2N4:Rgn7FZswTON4
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/RadGtSplitter.ax
-
Size
288KB
-
MD5
7668248c3101e6cca0b88fc9ea99f6a3
-
SHA1
161c786cfb89fde589a5fa0c79ad2986541e3fc9
-
SHA256
7d6eeea0a3d1bdaf6d5e2bd13916836121026a6e37da2474296a8bcbbe538677
-
SHA512
94e7d68824c4e4ce1f58d909ee9906725cc27d70f03a52708fb6c1e9f797dda475609d4cf2f5907029a7aae535946e5caca2a73b7c58def126f1d1845a428ca1
-
SSDEEP
3072:whNH3BilrDE4LN+XZsFk5286zoSu+KEK8I1I15ePDMtcsWD47MKOEs9U2UHBlp9q:zPE4Uc3ESlK/1I1MAk47Mt9m9ztOH
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/SVPDebug.log
-
Size
1KB
-
MD5
8ed894d30eed3af625e6142b78a1c5e2
-
SHA1
97a08317c3f6ec0a38de0681def6933fe815cf5e
-
SHA256
066d30a44264c110d77593efdb3758f96980756ae87b9e732389eefc3ba6828e
-
SHA512
3dfc04c92e9f4b8586fe7a0047c7265a8682ae8326e2adcbb5622f04a5d0ff336810c2bcb681783432acc4c66402cbb63410b66573577a6deda920cf99487cf9
Score
3/10
-
-
-
Target
ProgramData/splayer/atrc.dll
-
Size
76KB
-
MD5
c6771e032b4085968e8e081c57c49f0b
-
SHA1
33c7d7f1832b82cb4125661fb6c19aea538ea2a4
-
SHA256
6786a8cc5a7a46d2e36939254d8a8efada9cd5121e546f7f042eb705795d967c
-
SHA512
cc98f2281dd915eabcc23ec229f8dd263342215cba651729e07191208bafb6cbd59296f69a189c92da8692b91ac5e945eace24e2c2855d696408d9f7c29053f5
-
SSDEEP
1536:Oym6A9Zm70p6N+/6ZZ8jBns+unZ2QuMRl:HmdZ6NcA8JpIZTuMRl
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/binkw32.dll
-
Size
367KB
-
MD5
002cdf612509807b33e4ab09c686a966
-
SHA1
73a2ee8ec4c074b6a5c5485c615ee7ce230137e0
-
SHA256
2d0ae23a6175dc7b635c402a5e7e9542e923c0d1c376a8c5ef876ca0d5959d23
-
SHA512
e6d1c3f5e33ff8fc56b4798a6155ae76411ba9a234bea599338b7af424051943b1a2e666baa6935975df3d0354ba435962d1281b88b1ea17a77b1fbeb2cecca2
-
SSDEEP
6144:kkTBPP62N/OS8+YTT9rlgVNgkw7rJRddRuE4dMDVYxfTiolohXdkoS3RqcS4mIgs:kklWl5VrlgVNgkw7rJRddRuE4dMDVYxv
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/ijl15.dll
-
Size
364KB
-
MD5
1aa06c81a0621e277e755b965b5e4b5f
-
SHA1
4a6f2a8cb383192c80ee0b2c1deee3c795a0986a
-
SHA256
334aa12f7dee453d1c6cb1b661a3bb3494d3e4cc9c2ff3f9002064c78404e43a
-
SHA512
49a8ab45b176667c4dd69f86abe7c608cfa8f37af14f6326a2d56553adef08d9a416e79bf31a06e59653a487df539dc6aefa6ddedad0042477aea89bb215e9c7
-
SSDEEP
3072:Ym5/JSmfd23YsND6QbiLw3tJ30N44nZutjC6++h2NStogI5xF+iX9ZaPqCK0QaL:Y2sND6Qbi3NetW6++h2NSjPRKZASYLu
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mcucltu.dll
-
Size
124KB
-
MD5
1aafc350fcc3dd779318b35a28da2dfc
-
SHA1
551ec6829b85ec06a8eed31514ae2c546ac89edb
-
SHA256
a8b3302278d43c5530569a7328d9466f4d3c2f09dddc2aa9edef7a243f7c7151
-
SHA512
43eff2803061121aef477ad313e9dcdddec1cae7bbafb70b9737f7a82cfc045a0fd0c52923f77b580fec82c7e23a35ba98116819500a4111b9712d4ed9d36ddf
-
SSDEEP
1536:1zdQQeaqEX5JtfEbac/de6UipX19J9gwagN0zMHx1QV9lp3Z1:FqaRXWlGipXz3szMHx+V9lp3L
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mcufilecu.dll
-
Size
92KB
-
MD5
ebc40e6239ac8f4f540707ee091dd30b
-
SHA1
2f830b951a68ce9700ef7a47fa2d3be9db285643
-
SHA256
2e551151c3fc7dc88a462f46bad62d8e2022ab6a7b3250da0eaa1d1bad81e1f3
-
SHA512
891016940c2ba93fde6b78101c661dd70534c462183da6776873d8b08351431e76d60ab70b84d82e11b98ec6d7e5c6f8b25c421408187331b4346ef85c0dd351
-
SSDEEP
1536:BRXoPAI/8ETdo2vH31ihB8uu8HCLOUXw5XZkwQwuFnsFjFUJipl6hh/llE+De:XXnI/8ETdtvHliLDcLw5aeXUJipl6D/e
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mdssockc.dll
-
Size
108KB
-
MD5
58135a410b167716559dd10e4490af16
-
SHA1
cbd792cec4643d76b61fc9f96248a9fa92bb23ec
-
SHA256
77a7b542ceab4c9107201e207c093408bbecb1b8d0e1ebb818ba937df8cf731e
-
SHA512
8455aa9f09319ce276a7a22c1e6f96a01ca1cfaf5a4cf9ffe4be45f51da9ee4303ec1581c486f283f9eae3ecda474ce353ea3ea776226e151074a7fac3207bc8
-
SSDEEP
1536:j/6CtTPZLmar9ZRBlRfaKf8HmPfxYb/nTsYd6OOVI1wV/MVbZiDnMn:jCCtTRLmSZRBlbECsnZeTGVbZiDnMn
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mtcontain.dll
-
Size
192KB
-
MD5
e0efe1dab943f136d263f3d85d2f1944
-
SHA1
763c2fe2ce37d479b5b5b716b95cbf29199cae33
-
SHA256
a46ff7bb0216e79265c550121ee6d2f0688e357e8633f5d394cfa6a55429bbb7
-
SHA512
4942d5d44df4c043d5bf397205f77300aff059a26a803708781e0f7e14423b485c1c551aa73dd83378df6ec6a51618b2a148412d426329b744a8ea946a452702
-
SSDEEP
3072:1il6SgaNMbKlFzbP8ezt3SKG/sl/3ETDp:1il6naNMbKlF/5BSJ23
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mtcontrol.dll
-
Size
184KB
-
MD5
6378a2aca2d140475e829377bded3880
-
SHA1
37e0fcc9f89ee2bcaa46afe916b65c8be4ae6274
-
SHA256
746a1f508b20461fed66fdc950dd6c36707e88699b7070833d0dc8e83cc95a1a
-
SHA512
ae7ee08fa505120e30839fffb17583f12b7754d42d2948adc998067b2dae7dedb947947227ab2bb6eb38c71057342e551e792e8ad4780b45e35f6b3cc0c824e6
-
SSDEEP
3072:Z2i0uEqmgzsjFno2nWAa3cXtk1KaSzfrZW242Zl4yHlOAxLpp:Z2oqfnW/GtksaSHZW242ZOycAxL
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mxaudio.dll
-
Size
180KB
-
MD5
4c00d9f5ed7ccdf35d8cb3261a50caee
-
SHA1
e9f14d7d1536e2bca2c39b566a3ccd0340b93896
-
SHA256
39341a4960db493e8e06e8e6513ea80bde5100d922bf2d221b51079b8aa81605
-
SHA512
7265139f4ca7a9e56690f2c2abe57e5e67188d46316d401c1dcde6fe901566e71cba7167dffb2c09f64be62f74f358e34defae1313e68bb5cb914f2991fe8521
-
SSDEEP
3072:kwOyanSkyP1z7h6Yhl5D69pF6RJtGB+jU6n4ZzpeylHK+Wx8f:kwOyL9zl6Gl0FiGAn4Ztec
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mxrender.dll
-
Size
180KB
-
MD5
456bb7c4af47a98ebdba68f9f820cfa6
-
SHA1
7b1199737077f14424044ca840bd19deb8a62c2d
-
SHA256
01b77e244cc16564cab082a0b7b74615b565bb23511afec8204d19d0cf70a772
-
SHA512
ea6b0d304e6c8e6769b94c59375aa20c10a56532cd0dacf8ad7fabfa37ee0dede62727c4c90c71b70cb4c7dd24d0c28329609f31a93eadbd0cbf4482b05bb3e0
-
SSDEEP
3072:ttXINt+fEsL8vXQzYUN7lKm9+7+48pgAg0Fux5yolmjG:tuWfvFlZG+4CgAOXyG
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
ProgramData/splayer/csfcodec/mpc_mxscreen.dll
-
Size
248KB
-
MD5
9d1a9816646bac9e232b40d7c932097f
-
SHA1
56f0b418fb923ec327864a92c4c0e21f71de3de1
-
SHA256
f0d7d68678914d484461b1a8aec813d2d910d359d183881f4d0f6afba7933e20
-
SHA512
983079eb45559fc4fc3c9443e01c29aa798ca27b0ed57d213a55855a81075155a5c56d782e908505ba7c27ec624785a3077f422a6b4f9f1be2f47eb58d9550d3
-
SSDEEP
3072:PGnJG8nWZy2rESvdy/m1FpsBMXvM/eTW9XfA3pLrWs06UYOlQyaTBfCcVAg0FuAS:OJGHrEMy/pNaLdLHoDaTBqcVAOiH
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
ProgramData/splayer/lang/default
-
Size
1B
-
MD5
c4ca4238a0b923820dcc509a6f75849b
-
SHA1
356a192b7913b04c54574d18c28d46e6395428ab
-
SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
-
SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
Score
1/10
-
-
-
Target
desktop.ini
-
Size
79B
-
MD5
1d949d70b60a503a710281675da7b0d7
-
SHA1
24c25b708416ffee862a464c2299e608fe4f2154
-
SHA256
02646e304f16a5a805828d3c83b804749f028b2ed0476930bfa6585bffaee5d4
-
SHA512
e229e88a6957c28b08a579770f0d90b8dc6fd1368adc554c8effc00e656d206d493fd5b658a395d6f32422dcfb2c6331f0999138c6e9aa6a73b81adfa9e6febe
Score
8/10
-
Downloads MZ/PE file
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Active Setup (1)
Browser Extensions (1)
Event Triggered Execution (1)
  Component Object Model Hijacking (1)
Pre-OS Boot (1)
  Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
  Active Setup (1)
Event Triggered Execution (1)
  Component Object Model Hijacking (1)