Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

19/index.html

windows7-x64

1

19/index.html

windows10-2004-x64

1

3.ESFramew...pk.dll

windows7-x64

9

3.ESFramew...pk.dll

windows10-2004-x64

9

Images/Public/lpk.dll

windows7-x64

9

Images/Public/lpk.dll

windows10-2004-x64

9

MailToCode...pk.dll

windows7-x64

9

MailToCode...pk.dll

windows10-2004-x64

9

htdocs/plu...pk.dll

windows7-x64

9

htdocs/plu...pk.dll

windows10-2004-x64

9

jycms/捷�...pk.dll

windows7-x64

9

jycms/捷�...pk.dll

windows10-2004-x64

9

lpk.dll

windows7-x64

9

lpk.dll

windows10-2004-x64

9

torrent/to...pk.dll

windows7-x64

9

torrent/to...pk.dll

windows10-2004-x64

9

定时任�...pk.dll

windows7-x64

9

定时任�...pk.dll

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af4371a739d4a58f572705594b3c57f3e6934367ad1722cc56f9e6468ff701b6

  • Size

    1.5MB

  • Sample

    221125-3ynf2abb5x

  • MD5

    3e1d0b6c66f0b4b34aaa12bac2540065

  • SHA1

    db726432e1b6fce0df199e0b03d0cc0e82aa4e30

  • SHA256

    af4371a739d4a58f572705594b3c57f3e6934367ad1722cc56f9e6468ff701b6

  • SHA512

    2665045041da6fe3300d437c9b32984f0c8c81f1913cc0601f3a87b3c2066237189f3de0babda62b08b9452ce38d9c56638cd499612a514bc63eeef6bdb5b18b

  • SSDEEP

    24576:dXPGAaI7ym5S8WXPGAaI7ym5S8GXPGAaI7ym5S8HXPGAaI7ym5S8lXPGAaI7ym5j:tPDym5S8APDym5S8QPDym5S83PDym5Sm

Score
9/10

Malware Config

Targets

    • Target

      19/index.html

    • Size

      4KB

    • MD5

      9b4764883a609aa87ae954d89ae36a5f

    • SHA1

      960ed127e50d70c3d36d827006030194c4f480a0

    • SHA256

      ce74374ab8ecdc49a65dc95432c0549ad7d9a70d0cc080dab7b4ea5483adf8b4

    • SHA512

      31da3abb6f9ce7348668ba19af4b0ef3ac42e40a8e9760c884d305e445307c20ba01e055a1e323b737330319425f9ae61ae44366ba3e2959563a1762d36dea81

    • SSDEEP

      48:qu/Q+My9jzIoXBANp4zAB8AutlEahJ4QUiJy8xYyRY5NafPFg5gahbzRT4nJGCTg:vMcIoPLHhJZnxYyA+8hpKIL/ZGi

    Score
    1/10
    behavioral1behavioral2

    • Target

      3.ESFramework.Demos.P2P/ESFramework.Demos.Client/bin/Debug/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      Images/Public/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      MailToCode/MailTo/MailTo/bin/Release/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral7behavioral8

    • Target

      htdocs/plugins/editor/ueditor/third-party/snapscreen/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral10behavioral9

    • Target

      jycms/捷扬文章系统0.4.1/程序文件/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral11behavioral12

    • Target

      lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral13behavioral14

    • Target

      torrent/torrent/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral15behavioral16

    • Target

      定时任务程序/lpk.dll

    • Size

      217KB

    • MD5

      aa28054265b1c2fb7748fb21ab5984a7

    • SHA1

      2fd0396a49a7024ce53783995c4b288e7c596342

    • SHA256

      004785903afd37cace27aae4ed28b2130c2691798b82132debb42659d223b615

    • SHA512

      aaa000f7947a92e834b3175facfcefd1d9f53e3204f1b26f10c19c4c1b5ea720b6d6fc45d88a909ca0dbe425c39a6885496f8673e4ff1ebff6a709a351322e28

    • SSDEEP

      6144:u24mCyHAWyPgWITYJ0Ax9N17xM2lxq27Wo/GEvdt:u24xvPgWGYj9X7xM2Lq27D/GEvdt

    Score
    9/10

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral17behavioral18

MITRE ATT&CK Enterprise v6

Tasks