Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

astx_setup.exe

windows7-x64

8

astx_setup.exe

windows10-2004-x64

8

$_0_/V3Medic.exe

windows7-x64

8

$_0_/V3Medic.exe

windows10-2004-x64

8

$PLUGINSDI...64.exe

windows7-x64

$PLUGINSDI...64.exe

windows10-2004-x64

$PLUGINSDI...64.exe

windows7-x64

1

$PLUGINSDI...64.exe

windows10-2004-x64

1

StCli.exe

windows7-x64

StCli.exe

windows10-2004-x64

StSess.exe

windows7-x64

StSess.exe

windows10-2004-x64

StSess32.exe

windows7-x64

3

StSess32.exe

windows10-2004-x64

3

Lib/Cert/c...l_.exe

windows7-x64

4

Lib/Cert/c...l_.exe

windows10-2004-x64

4

Lib/Cert/n...il.exe

windows7-x64

3

Lib/Cert/n...il.exe

windows10-2004-x64

3

V3Medic.exe

windows7-x64

4

V3Medic.exe

windows10-2004-x64

4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    astx_setup.exe

  • Size

    97.6MB

  • Sample

    250328-cb55fsspw7

  • MD5

    ae5d61786f3910ec6f722eba51ba798f

  • SHA1

    cb6e3a657e272959a2b09920a35a617761b2d6f3

  • SHA256

    5c78d98852f5e196616abb376c04c9b6467d85cc82247fea05a48cdbe4b86da8

  • SHA512

    6c2cc8e630ae9e267d09a9aef8d8f9e07ef111b6bd540ffbf5378a0654fcf601e2176028b826d596e70e5e213fc34f16876651668a178a55c89df61ca88f8fcf

  • SSDEEP

    1572864:A8n4cfsWcmX8UatEyxKrYNNq5mj9gn56vx5iWyMxbsrbZXd8DhnK25cCmCq:BnGfm8jDNNq5mhgncip3rF6dKjTF

Score
8/10
bootkitdefense_evasiondiscoverypersistenceprivilege_escalationspywarestealertrojanupx

Malware Config

Targets

    • Target

      astx_setup.exe

    • Size

      97.6MB

    • MD5

      ae5d61786f3910ec6f722eba51ba798f

    • SHA1

      cb6e3a657e272959a2b09920a35a617761b2d6f3

    • SHA256

      5c78d98852f5e196616abb376c04c9b6467d85cc82247fea05a48cdbe4b86da8

    • SHA512

      6c2cc8e630ae9e267d09a9aef8d8f9e07ef111b6bd540ffbf5378a0654fcf601e2176028b826d596e70e5e213fc34f16876651668a178a55c89df61ca88f8fcf

    • SSDEEP

      1572864:A8n4cfsWcmX8UatEyxKrYNNq5mj9gn56vx5iWyMxbsrbZXd8DhnK25cCmCq:BnGfm8jDNNq5mhgncip3rF6dKjTF

    Score
    8/10
    discoverypersistencebootkitdefense_evasionprivilege_escalationspywarestealertrojanupx

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Modifies Windows Firewall

      defense_evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $_0_/V3Medic.exe

    • Size

      2.3MB

    • MD5

      248e689391f6e11540fbab5838826427

    • SHA1

      78f1b261409df80e58fdc18b6f38fdca786c4653

    • SHA256

      f5b4b7b047597c558aaca470a702be97c2343c693d559cb81bd01f049928bae2

    • SHA512

      ee0d03812ef8ee2295f63de7e5f27e1a58dc352705f045ae34ca887275af5fbfc30ef534c17bf4f875bdaa7ec90a02cc06e4985f3db7b749d8a4afb69a136339

    • SSDEEP

      49152:keOTasa56JgzDf1GHwqfXti4vTqtThOFLjKEzPiVTFPprWY0W7wlEpSx:0SwmNGQKYoTqtTE1jKOilpJ97w+pE

    Score
    8/10
    discoverypersistencebootkitdefense_evasionprivilege_escalationspywarestealertrojanupx

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Modifies Windows Firewall

      defense_evasion

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/SysARM64.exe

    • Size

      149KB

    • MD5

      110554474b797457b865c9c989384e4b

    • SHA1

      70aee5dabec759b3d8563e620ca85d8299856561

    • SHA256

      bb72fbe0bbb4a4fb346222198401db1dd67932cc22b084875cba0a079ef7ce58

    • SHA512

      ed1389f842f407d10454a1de97aa15ad7297e87bc35b111e124cf1e24895a8c50a8f07c56a9f8e3d692a5d6fbe47eeb9c12788d1d072e492c1e326dbb428de07

    • SSDEEP

      3072:JZc36cHuoZpNTPMgwJSGv4YI99dHEV2m0EW5Q:g6cOo9QgCiL9wMzvQ

    Score
    1/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/SysX64.exe

    • Size

      93KB

    • MD5

      b9a15693c06a54872b64f527f1f1f55e

    • SHA1

      5b66cf229235dd0f405a7435e6a015985e5fde8e

    • SHA256

      8294590264ed793eff16521f69d34574b4922e4d44ca9e920905616c2f8cdddc

    • SHA512

      b12954a162d46238fe3cf2e9e650c9e8518707fe5d2d702e57b1387fab5da55fb0d2c0041e2957ed1bb994072305269c0c57c6078914a1b1701ff12823bead08

    • SSDEEP

      1536:YTf2PX4eca4nIT/0qA8WMpefrbMd+oQXjzGvO7L8TJ+JMPJL+54bfFfA74CV:mf2v4VITcq4NfXMdxQXGO7I/BL2KJA06

    Score
    1/10
    behavioral7behavioral8

    • Target

      StCli.exe

    • Size

      3.6MB

    • MD5

      1415daeeb347997db388053ff82ef046

    • SHA1

      7b6181d9a5b82dee6f0258140f23c41df6bf82fe

    • SHA256

      1e9bd8b84d640260d9fe250d8384ce6b741a3f70aeea944bb3fc6cb57d651f77

    • SHA512

      737ee3f4c2573e277b11da81a8d3251aae54b645b37df5a6551da6ed768b9d2b1aa3fa0525ba5bfc03c53df2c1e55cd23021c29d89675f885003ab53706470c8

    • SSDEEP

      24576:eV4m3KhPjBL3db6W9g2+L5snIsJ/fM7vZkYO4zIaBiKhd2vCDTt:eVp3KNjFdn99nIsJXM7vZRO4zIVKsCDR

    Score
    1/10
    behavioral10behavioral9

    • Target

      StSess.exe

    • Size

      9.3MB

    • MD5

      16f2011d81922e871975d1c464b5d99e

    • SHA1

      7baf75d9c0c0ced7c074d9dd929d1c9bff3d3e40

    • SHA256

      1b232895e7b264959f3c74bd3c7d25f90f9de0353a0b3246759164a7c343bdf2

    • SHA512

      4cbbbcd85cf54e86160a649a9e4aad0b940550390e1f8942c0b95b3b4e2e01d69aac82aeff9cc0c0bedba186a3185efda1b42c2b6e99e0758fdb28af0906a2b2

    • SSDEEP

      98304:TIbqaW7RG7UbVXKrS5RAytyRLEIG2guL7b7zDb0c4vh:TIbqV0UbVXKrS5RAytyRLEzsL7b7zD4p

    Score
    1/10
    behavioral11behavioral12

    • Target

      StSess32.exe

    • Size

      581KB

    • MD5

      e696752274d2b3bfe28b69f8b21e6034

    • SHA1

      78703f89931970dd476fbac9e909e47660009c32

    • SHA256

      59220c5fe9792ce5a8b418d3a19cc5734537e14e941bf669154e6ae7170e8c96

    • SHA512

      fbdcf2cb6fc5de34c9b070f66538e3ab6c2fdfe728125224a9c047c7747ea290484d376514129cac607cc90923ad5bc986096845ba40751c970cfb7bbe106577

    • SSDEEP

      6144:dZysTG5lwhDD3gruWtSPMcZ/JBwDZqqDL68BO/o6dPFvPToi7W2WYTHwm:dZyWCG9jeuiSPHZ/JKQqn6s6sctTHwm

    Score
    3/10
    discovery
    behavioral13behavioral14

    • Target

      Lib/Cert/certutil_.exe

    • Size

      556KB

    • MD5

      711db2ef10b6c2ab2080698aec6c6d08

    • SHA1

      5746c14fe1790a18b76cc9833f93bc72937aca72

    • SHA256

      75ddab1826f220eb36a9eea9cf8533c94c19bac89d961380f3a418f6eedb2b4e

    • SHA512

      6568ea1bf41afa461d2b529d42e0d873c9b1b109875c6010fd965ac8c3d9a0c98ea1ea747119815254bf42130b6cf699c8dc01ee6763f172ae7c57f656faf7f1

    • SSDEEP

      6144:AG/XQ+F4FFJaL5TBEf6ID0rq7XqHvXxUEuspBi9NlLlli8QMupzUMfNXyowyQv:rX0vaL506euHPOypA9NlGcuVNXa

    Score
    4/10
    discovery
    behavioral15behavioral16

    • Target

      Lib/Cert/nss/certutil.exe

    • Size

      126KB

    • MD5

      18699846ebf35d128feb935ea2f47557

    • SHA1

      c02c24af935911c2d8e8a4e9f0d1bc262a129a32

    • SHA256

      f5cd860a5f2f08f30813d042e5a8c18e1965e5750aee168050bffe742dcf0dd0

    • SHA512

      e0596dcab94ee1872f1d16007cb4607fd346244208fc42c2e932609568765a6ee3b8fd89da095ab4211bfe30f41f801f433e41ee2616b96947811e8779209ac8

    • SSDEEP

      3072:jxJwgnzU9ofoMV9x0lVtvBd7yEegXkLbkS7c5:jxJwgnHftqljBd7yxgXcbkwc5

    Score
    3/10
    discovery
    behavioral17behavioral18

    • Target

      V3Medic.exe

    • Size

      2.3MB

    • MD5

      547196fe997e1754597d60b2333b3d20

    • SHA1

      c72ce7ea3c0ce928b84ca1237d470b80aadfd456

    • SHA256

      3f2134128c72d146ea83a3caa7dfc734c54e300c3c714953d2c19ed361e90e95

    • SHA512

      e371cda8290ba02ceb2c3aac05ca9892395e966d565c59ccc45257e006ea9aa4de60e68976ccb96f9475f17c026a083548f99883bc4a4c887fe78283237d214a

    • SSDEEP

      49152:EpJMYTmHVJ/yyo814cxdQMw9T+ImB1EFzE+7yirLG9:trvj1IMST+1AzNrLQ

    Score
    4/10
    discovery
    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks