Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

L2NPC/HFExt.dll

windows7-x64

1

L2NPC/HFExt.dll

windows10-2004-x64

1

L2NPC/L2NPC.exe

windows7-x64

3

L2NPC/L2NPC.exe

windows10-2004-x64

3

L2Server/GGauth70.dll

windows7-x64

3

L2Server/GGauth70.dll

windows10-2004-x64

3

L2Server/HFExt.dll

windows7-x64

1

L2Server/HFExt.dll

windows10-2004-x64

1

L2Server/L2Server.exe

windows7-x64

3

L2Server/L2Server.exe

windows10-2004-x64

7

L2Server/Loader.exe

windows7-x64

3

L2Server/Loader.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc

  • Size

    4.9MB

  • Sample

    221031-fpr2jabaaq

  • MD5

    1c4087ef9d965705c2677399b3604bbc

  • SHA1

    41b0db5350c7d90675e64634b2bb688b4dcf95e2

  • SHA256

    ca1906c0038d784d0ae122797eb5a2c359aeabd142efa34f709c229bec4cd3cc

  • SHA512

    aca1141fef756ca5ed1dc17527087e406fda9ee8afa566292ffb1634d5e034799e49f0a6c378bf040850dff683445201d90dcf593561934b77fd1146b7c6d320

  • SSDEEP

    98304:RcD7ZudP8yqlboyy2b9yNBg1XKHuTfrbDLio2gVQy5jwNmhzQEPd:uDkEyqlbDfb9yrOzHiold/J

Score
7/10

Malware Config

Targets

    • Target

      L2NPC/HFExt.dll

    • Size

      1.1MB

    • MD5

      771a913655b7cf44986878a2310642c3

    • SHA1

      29cfb5009cfb7020d9037999b56cc7a976183af5

    • SHA256

      b21aad37dce35c48b2774f0de2ed19e48f1cb1146c3ba553778d208a19178815

    • SHA512

      071fdfad4c5f371f4366c6f8834c901ddc3ff5b898d10702063183ee767c71b2d616741e1bc161c42240126b785798dc4b2081088f33e95ccaf31286ed781c22

    • SSDEEP

      24576:gDV22RQmpUoTJ++KBSlWndFT+PmmRpjDo98gk6NjBdwFSStQwla/Mwmq1/VQvlwl:gDV22RQJoTJ++/lyT+PmmRpnkNjBdwFq

    Score
    1/10
    behavioral1behavioral2

    • Target

      L2NPC/L2NPC.exe

    • Size

      3.0MB

    • MD5

      600a18faebf9f776e6da00130c6c158c

    • SHA1

      c1a7ca76a50dea5938615ae247aba2bffe8c3740

    • SHA256

      70ca305182907b39e56373a6ef7d43adbb668e86983afd1b851a5640954950ca

    • SHA512

      0f47ea1f15e43a5bb41169e8032de8d3e58e444860fb7eebb45bc496b403e1000863241ad89dfe5e5347cdb12a5ae013ee0173e69b0bc26e79a8af7d9929b59b

    • SSDEEP

      49152:y8kv1/vPS8dBzeuKsmri+wnbQLkVlRI4V2RaJLSoRkxjUzg+p9wr:+pBRnwJUzg+p9

    Score
    3/10
    behavioral3behavioral4

    • Target

      L2Server/GGauth70.dll

    • Size

      111KB

    • MD5

      08e77144afb763a659c9350a7dc1c7b3

    • SHA1

      9e01ed7633f1b311546c01799bf21dbafcb67767

    • SHA256

      c4a81a32a4d39829057d66fdfa8dd40bc24c30b9ce287d0727cb4c0e82e6ea93

    • SHA512

      acecd1a7d1a362509933834c073f9850253f3c7ed14daec5ffdbd1fee2a618fffbe2c1c8365c228031feb3bd784c2f2746e5dc870fbc17ca7caa84b7cfd1e552

    • SSDEEP

      1536:67MzvhXY4EbVCOBJFHsdSYEMEXjIUqR9AAeTnzxEPRd/PzxD/sTIi50Cd1JA87E9:gqXdEbMGHsdS8iE87EgcqDDyr4oP

    Score
    3/10
    behavioral5behavioral6

    • Target

      L2Server/HFExt.dll

    • Size

      1.1MB

    • MD5

      771a913655b7cf44986878a2310642c3

    • SHA1

      29cfb5009cfb7020d9037999b56cc7a976183af5

    • SHA256

      b21aad37dce35c48b2774f0de2ed19e48f1cb1146c3ba553778d208a19178815

    • SHA512

      071fdfad4c5f371f4366c6f8834c901ddc3ff5b898d10702063183ee767c71b2d616741e1bc161c42240126b785798dc4b2081088f33e95ccaf31286ed781c22

    • SSDEEP

      24576:gDV22RQmpUoTJ++KBSlWndFT+PmmRpjDo98gk6NjBdwFSStQwla/Mwmq1/VQvlwl:gDV22RQJoTJ++/lyT+PmmRpnkNjBdwFq

    Score
    1/10
    behavioral7behavioral8

    • Target

      L2Server/L2Server.exe

    • Size

      12.6MB

    • MD5

      8235a379be7a063b9d90a38e276cbb30

    • SHA1

      b6174fc0b2de1aecb09c12fc73e9369e5a5b95c5

    • SHA256

      203e3300d1e76dbc45e0c0e1b5d0e0388e1143924333398954016c6003b45511

    • SHA512

      3f30fb08ee92a73a3a19dc22c3440b2afef2a5babc735dfdea04021180440b5baaf444d975c9bae502c73fe823ce9d0f419dd71ffdc9960f655071130e3152c3

    • SSDEEP

      98304:FayXbXfSoVXB8H7cyxOhtwTN2EBLBYFZpECfzIKOQG8GHk91bBqnA4WgX32daeH3:FlXbPDVXB27cXtwTN2EFBIFzIRQLmeH3

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral9behavioral10

    • Target

      L2Server/Loader.exe

    • Size

      7.2MB

    • MD5

      fa7d5c4c0d738f90cfb4cce4e5164570

    • SHA1

      0e3764f87d5875de0929efcff684091372ed3086

    • SHA256

      e2f4ce4f66cf6e537485203b2ea299c8b22c1c577ba4da94080312a6f5c228fd

    • SHA512

      4a046d1c105e3f5d08550eff955e1e1199e5510fb3cfdb8afef9af64bdee5d9a09ce520dc6307b21cc674805bac5ae054908638c0ddf51f8104ea74c839d0007

    • SSDEEP

      49152:gSjCbvvRJsvifKhO+KFZ6X8Cdt2bHu6ECnOzgdAA0OtI2HUVUrKDbRpjmLLZsUeT:mbvRJQKFZ6X2zxKnRp8Z0j3r4Fox08

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v6

Tasks