Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Apache_OpenOffice_4.1.15_Win_x86_install_fr.exe

  • Size

    127.7MB

  • Sample

    250309-sgms3atvgs

  • MD5

    3c5cf11baee9861a6fb78f642c17e3d1

  • SHA1

    9c0944a1c8dce201c7034f2e71e3cd5f12e023ff

  • SHA256

    a6f33d935bd9c016b3d0914fd35d0985fbfb52018048a90e93f83984be09da9d

  • SHA512

    68c4e7e932ecd76c3c48b40939bb2e9a9e92f8465fbd01737cf136bde19518ec445c8f3ab47d33c5ea9a45a68570712612cae4f90a2799f5b3a008405eeb5753

  • SSDEEP

    3145728:6yDn6qlCIvN+cNqo7pxV1zkthAqUWSnA3BJw+3FmqE:xDn6CkcNqorzMZUWKWBJR3sF
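Before reproducing any of the analysis below it is worth confirming that the file you hold is the same sample this report describes. The following is an added example, not part of the report and not tria.ge tooling, that computes the four cryptographic digests listed above with Python's standard library in one pass and reports any that differ; the `REPORTED` values are copied from this page, and the command-line usage at the bottom is an assumption.

```python
import hashlib

# Digests as listed in this report for the main target (copied from the page above).
REPORTED = {
    "md5": "3c5cf11baee9861a6fb78f642c17e3d1",
    "sha1": "9c0944a1c8dce201c7034f2e71e3cd5f12e023ff",
    "sha256": "a6f33d935bd9c016b3d0914fd35d0985fbfb52018048a90e93f83984be09da9d",
    "sha512": "68c4e7e932ecd76c3c48b40939bb2e9a9e92f8465fbd01737cf136bde19518ec"
              "445c8f3ab47d33c5ea9a45a68570712612cae4f90a2799f5b3a008405eeb5753",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so a 127 MB installer is never read into memory whole


def _digest_chunks(chunks, algorithms=ALGORITHMS):
    """Feed every chunk to one hasher per algorithm in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Digests of an in-memory buffer (handy for tests and small artefacts)."""
    return _digest_chunks([data], algorithms)


def digest_file(path, algorithms=ALGORITHMS):
    """Digests of a file on disk, streamed in CHUNK_SIZE pieces."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(CHUNK_SIZE), b""), algorithms)


def compare_digests(actual, reported):
    """Return {algorithm: (actual, reported)} for every reported digest that differs.

    Comparison is case-insensitive because reports and tools disagree on hex case.
    An empty dict means every reported digest matched.
    """
    return {
        name: (actual[name], expected)
        for name, expected in reported.items()
        if name in actual and actual[name].lower() != expected.lower()
    }


def verify_file(path, reported=REPORTED):
    """True if the file at `path` matches every digest in `reported`."""
    return not compare_digests(digest_file(path), reported)


if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_sample.py Apache_OpenOffice_4.1.15_Win_x86_install_fr.exe
    mismatches = compare_digests(digest_file(sys.argv[1]), REPORTED)
    for name, (got, want) in mismatches.items():
        print(f"{name}: got {got}, report lists {want}")
    sys.exit(1 if mismatches else 0)
```

The SSDEEP value on the page is a fuzzy hash and is not covered by this script: it needs the `ssdeep` command-line tool or its Python bindings, and two SSDEEP strings are compared by similarity score rather than for equality.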

Malware Config

Targets

    • Target

      Apache_OpenOffice_4.1.15_Win_x86_install_fr.exe

    • Size

      127.7MB

    • MD5

      3c5cf11baee9861a6fb78f642c17e3d1

    • SHA1

      9c0944a1c8dce201c7034f2e71e3cd5f12e023ff

    • SHA256

      a6f33d935bd9c016b3d0914fd35d0985fbfb52018048a90e93f83984be09da9d

    • SHA512

      68c4e7e932ecd76c3c48b40939bb2e9a9e92f8465fbd01737cf136bde19518ec445c8f3ab47d33c5ea9a45a68570712612cae4f90a2799f5b3a008405eeb5753

    • SSDEEP

      3145728:6yDn6qlCIvN+cNqo7pxV1zkthAqUWSnA3BJw+3FmqE:xDn6CkcNqorzMZUWKWBJR3sF

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      d095b082b7c5ba4665d40d9c5042af6d

    • SHA1

      2220277304af105ca6c56219f56f04e894b28d27

    • SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

    • SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

    • SSDEEP

      192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa

    Score
    3/10
    • Target

      mbcs.py

    • Size

      1KB

    • MD5

      037692440a6148a06d5be8de5cd26197

    • SHA1

      1d70e4bd36be1c153b5ef3c21e060f4da12211c8

    • SHA256

      f6ed445ed537c9f856d8defe8b56505727737d0dc9348d0a877abedab4bdd864

    • SHA512

      07950d19132d12b65f641c61e473b0316ecb3307a617057626ae25e9c77804331ad7286b29a20438e1a63bd201e19e4f7bb4eb3f9b6b507e9c77b2534685e12f

    Score
    3/10
    • Target

      mcnttype.dll

    • Size

      38KB

    • MD5

      505d8718212aa7c5fc0950effb9aa042

    • SHA1

      0176b8f75c7d132ec0a6fdb832ff44f722cfad97

    • SHA256

      6f89d3887e90b239d4854ca0c36e5cbad110a906b2075222a3be8c727a9a49f7

    • SHA512

      7dfba953923e342db053bf113b61de39de6227d73f9d6fdbed2b675ac58cf86afab100e751e7996e9959c9001f873d06db0c3d6830d43a03037b42ac9adc814a

    • SSDEEP

      768:ciLmSCeNMbE2OYuSH0yXOoWV2P3vYDrXOj1UZq6:7NMbE2cSH0y82P3AfXOuZq6

    Score
    3/10
    • Target

      md5.py

    • Size

      358B

    • MD5

      2fef56daa9d26cd7dab15ef778fcd380

    • SHA1

      f45dd00a512f774eee2eb75037c86a09850ed9c1

    • SHA256

      2a262ea4fbec14c295e701931b2514715c0fe2f5f7c42ba41fb8efbca4008353

    • SHA512

      d285bece7dc2c99a620cc3869bd9e6878f4d63a235c50401beae7afbc9c9efce09ec67f90236213af35c9105a19fe06efb02fdd6600dd22833ba344a6d441717

    Score
    3/10
    • Target

      memusage.bsh

    • Size

      4KB

    • MD5

      0f82f19dcb9569cd97b1d3806b79b123

    • SHA1

      e1a69c3d5cdf5692335b2f3ab45e0759c6b08dec

    • SHA256

      56e6781ae6d7734f187eebe8cd01fd5d9da8ff30c7efd3d1bbc5cba07de341e2

    • SHA512

      76e7ade09dcd07dc7cb0fd419ab990998719f8d13f08635a91de7e13aa297d64902e92ecb6d20c73e7737d4b3990d613d38f80a1a7ce7c6ac59cfa71a6edbd8c

    • SSDEEP

      96:bQ0N7zdHfiu4kEXlr+vYZMUbiWjzgzT3wzmzpESEAB4aAk9+Bphi9W4kj6KBujUS:d7zdH4kE1SvYZbiWXiTCUpESEAB4Hk9d

    Score
    3/10
    • Target

      message.py

    • Size

      30KB

    • MD5

      711fd3f3da69ff2431caaa9e03891dde

    • SHA1

      e38d15be32c3e573f9d20f8028417204bed0cb6e

    • SHA256

      7a1b7af3b53092772b6a0a7ea815e55606d23495204ad2aefaefcdc1f379a909

    • SHA512

      fb7e12ada70b649290f9fc5ddbadca36f42abd2b2d10d74b0f887f4059483daa12fe9f752050b7c08486468b9e92da0550d174e107f4b7404e8e980a73aa1abb

    • SSDEEP

      768:/sHGlbQDR7ZZQY4l5RgDqEYZBeWZoiSL8TQcWqnnD19Ov:/sH0GhZSl5RgDBcEWZoiSQTQcWqnnJ9I

    Score
    3/10
    • Target

      message1.py

    • Size

      1KB

    • MD5

      ca566887c66c27525204012ed37fa0a3

    • SHA1

      7f324bc692121ab20d9123e7caeee6e53cc10236

    • SHA256

      a73dd0f297a5d7005bf426c6b5203bd4a83e8d5f1c98164013708a870d5c58a5

    • SHA512

      518e8180baf9b1f86435b5aef2424d9e660b625766d887ff9dfee1a9fc82a1c94c0ca1411e8d2b12f783edc64711a278604fc94c5fdae29d1692d2cc5039d3c2

    Score
    3/10
    • Target

      mhlib.py

    • Size

      32KB

    • MD5

      40ceb42b8e6b2fa75af5167cb096afc0

    • SHA1

      064ab1c4a77672aa66ebf2d91af0b55936c27805

    • SHA256

      98f0fa0847f3b8fa270925d1a556099a83b8d4ec53f09738c9475f169cf30ecb

    • SHA512

      c0e67d365886dc6fe57cc77eacda58572e85407bd5d3793144e9d2c15e343cbc22e03774706231475ca71b01dc4e8e602736057430f2f128f1ff41144f380009

    • SSDEEP

      384:XFlhbkz8+UH8velIkHlq7cjeh89o02iBDw/Jwfw:e68vQIkHRjC8qkDWJ5

    Score
    3/10
    • Target

      migrationoo2.uno.dll

    • Size

      80KB

    • MD5

      e32fe082fb040432db71cb0388cdb012

    • SHA1

      d8cad776116e9e18c9cf2ed9713fabb55e9b1ab1

    • SHA256

      4485b75530db1bd370f5285bc193e7c32ba32e7148f6a15483598b3d1efb5137

    • SHA512

      bfb3541e98236520e60826acbb31510c631af8362158243a10accb2923e2c5c23d918913a1bd208fcbb090386c23f7d0b87a05d812ffb061e0da07d10f28c95b

    • SSDEEP

      1536:6We4ChL4jwzxZCQsBIAq5Vo/gMZhhHZ43Eqj5rd02OKJB97:6WOMwVZCQsBIAqU/gM5ZejFdVOKJB9

    Score
    3/10
    • Target

      millennium.ots

    • Size

      7KB

    • MD5

      129f116a191f5d5418dde412ab5efb7d

    • SHA1

      ab50241b6db06d8b4c80b98b3d4f0f7a951a2ed2

    • SHA256

      327afb9b31685336a1994d55270ab3353306ab7fb2cad5b9f2abfb62819bc8ec

    • SHA512

      fba707735478feb0483cff27ae4930bbf9f7b7827e0e720a290ba2006b68427c93eb05d51b55d61566a613127a13bf681fc88cdde74147ddd31e8cc7471b071d

    • SSDEEP

      192:ytliUaKTANXkNKA2gyXZwoju9a9MmfQqIe+1ejNqSOSj:ytlioAA2gMZNYaPIe+Dc

    Score
    3/10
    • Target

      mimetools.py

    • Size

      7KB

    • MD5

      62c568715fa87b12f17da3b541994c6f

    • SHA1

      087926284ece4f1ee2681610bc079753c00c1c40

    • SHA256

      027729db4104529492717f6168b39765fd8eeb99b3ea95be838ebbedfe102d19

    • SHA512

      456bd65e025f5ec6c308b30db2a4fc35036f1420fb9106d397096b914a0db31c349c3c3182b2e48de7db6d0c45031dd9d28157a922f0d258f0de05b0b7142981

    • SSDEEP

      96:PCiHvUHeadjmhbO6ngvdmp6pAv/5Ql/+kBxDlxBx4nRziEync1:Pt8++mBgmp6pAvxQd+6xxxknRziEt

    Score
    3/10
    • Target

      misc.py

    • Size

      1KB

    • MD5

      1417c4463e9c868dcdfb52ae22efe9ba

    • SHA1

      659110e6ac173c0a2395e2a93713eab3d5d52ccb

    • SHA256

      4674afb148f43d72e7b58372800a29486eaab2e73c5929a88ac8550c112cec93

    • SHA512

      02303bfb4964d95475ae16788bc1e090b022166895e0828b0edb02bf33e0ff66514e88cebad79bba35e1b93bf60cadfc68244960ebbfc0d6a4b003246ae98da9

    Score
    3/10
    • Target

      modulefinder.py

    • Size

      23KB

    • MD5

      c64e3a4a7fe5fb0d04567b5301597c14

    • SHA1

      2248f0032807de32ee6de9941ae3cb934712d62f

    • SHA256

      562d20522b2046cfa42489ffadca292e5f187949b7c99278a0023117788829ca

    • SHA512

      5cb3037785f0b20e9e6b93104b8c7a5530f1a6fc52cc40357fc31faf7f22628adc114ea235dd9b0c46d28a8229e1b341b10e1d96a74980d5fc039c0978129df4

    • SSDEEP

      384:KXevtr6a+30WqmBoQsD4ubP0q5zLobpmL0up9qpsvHoz81tsF0shG6oL5:PvtygmBoQsDRb3obpmLlp9JvIo/sF0sW

    Score
    3/10
    • Target

      msci_uno.dll

    • Size

      81KB

    • MD5

      5d5c71f2f0c9e754fcb3c76159f63c46

    • SHA1

      58e467eca93d8ea53f839e161d3eadd42d4ca12e

    • SHA256

      6650698bcd16da5c1cb358c9600671a495a6cc2a8d667da6e1256aea04c503d1

    • SHA512

      fead76902d6aec710154c942ace27dd859f5c799e702d1fb68b44a54bae714680f15a52c66ad9a435608430f30a956032ce999fa49d71474935c36ba722280f1

    • SSDEEP

      768:ILyefLpku8xNOz+dTXSrZ1DdLDCY3LqM7WoyRLoStoQGrjol0EdHjfR2ZRhOt1sl:34pGe+dTWbLq9bRLvV0EdTsRhOtW4hC

    Score
    3/10
    • Target

      msfilter.dll

    • Size

      793KB

    • MD5

      767e98d126b3d3890b18314dda3fad22

    • SHA1

      b85d5c037e20b42fe243322ad9305044c3ed94ad

    • SHA256

      00d5605208413b23d0cbf9456cc372d1bc50304c0bdaf5ee6539e3b9546b9a87

    • SHA512

      353db1d4149d8bce0d492a1ac9b791155845a61dff4615c76a2e7d714545dbb0b96cfeae569011e7150ee020b077475d80dd9cd758707c5eaed896ed1c2d7d1a

    • SSDEEP

      24576:fzA2cMYJKo2mG2sNL8tKSAS9GaTmRta648CkzeztwPOfHmi4E/hvhFwE:YMYkhNL8tpADk/hvhFwE

    Score
    3/10
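The three behaviours flagged on the installer at the top of this list (dropping desktop.ini files, reading the root path of drives other than C:, and registering a COM server under the user hive) are the kind of rules a sandbox evaluates over its recorded event stream. The following is an added example, not tria.ge's signature code, that implements equivalent checks in Python over a constructed set of events; the event field names (`op`, `path`, `key`, `name`, `data`) and the CLSID used in the sample data are assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sandbox-style events (not taken from the report; the field layout is an assumption).
EVENTS = [
    {"pid": 1234, "op": "file_write", "path": "C:\\Program Files (x86)\\OpenOffice 4\\desktop.ini"},
    {"pid": 1234, "op": "file_read", "path": "C:\\"},          # default drive: not interesting
    {"pid": 1234, "op": "file_read", "path": "D:\\"},          # another drive root
    {"pid": 1234, "op": "file_read", "path": "\\\\?\\E:\\"},   # same thing via an extended-length path
    {"pid": 1234, "op": "reg_set",
     "key": r"HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32",
     "name": "", "data": r"C:\Program Files (x86)\OpenOffice 4\program\shlxthdl.dll"},
    {"pid": 1234, "op": "reg_set",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "OpenOffice", "data": "soffice.exe"},               # a Run key, not a COM server
]

# "X:" or "X:\" with an optional \\?\ extended-length prefix.
DRIVE_ROOT = re.compile(r"^(?:\\\\\?\\)?([A-Za-z]):\\?$")

# Per-user COM server registration: HKCU\Software\Classes\CLSID\{guid}\InprocServer32 or LocalServer32.
# HKCU is searched before HKLM when a CLSID is resolved, which is what makes the hijack work
# without administrative rights, so the per-user hive is the one worth watching.
COM_SERVER_KEY = re.compile(
    r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\"
    r"(?:InprocServer32|LocalServer32)(?:\\|$)",
    re.IGNORECASE,
)


def drops_desktop_ini(ev):
    return ev["op"] == "file_write" and ev["path"].rsplit("\\", 1)[-1].lower() == "desktop.ini"


def reads_non_c_drive_root(ev):
    if ev["op"] not in ("file_read", "file_open"):
        return False
    m = DRIVE_ROOT.match(ev["path"])
    return bool(m) and m.group(1).upper() != "C"


def sets_hkcu_com_server(ev):
    # The (Default) value of the server key holds the module path the COM runtime will load.
    return (ev["op"] == "reg_set"
            and bool(COM_SERVER_KEY.match(ev["key"]))
            and ev.get("name", "") in ("", "(Default)"))


# Signature names as they appear in the report, mapped to the predicate that implements each.
SIGNATURES = {
    "Drops desktop.ini file(s)": drops_desktop_ini,
    "Enumerates connected drives": reads_non_c_drive_root,
    "Event Triggered Execution: Component Object Model Hijacking": sets_hkcu_com_server,
}


def evaluate(events):
    """Return {signature name: [matching events]} for every signature that fired at least once."""
    hits = defaultdict(list)
    for ev in events:
        for name, predicate in SIGNATURES.items():
            if predicate(ev):
                hits[name].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for name, matches in evaluate(EVENTS).items():
        print(f"{name}: {len(matches)} event(s)")
        for ev in matches:
            print("   ", ev.get("path") or ev.get("key"))
```

Note the caveat these rules carry: a per-user installer registers its shell extensions and other COM classes under exactly this HKCU path as part of normal operation, so the COM-hijacking signature firing on an installer is expected and is not on its own evidence of malice. Before acting on it, check whether the module path written to the key points at the installer's own signed payload or at something else.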

MITRE ATT&CK Enterprise v15

Tasks

static1

bruteratel
Score
10/10

behavioral1

discovery persistence privilege_escalation
Score
6/10

behavioral2

discovery
Score
4/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10