General
Target: colinware_the_game.zip
Size: 18.0MB
Sample: 240103-q3qezadhaj
MD5: 267b524383d8832fc8ca2728b9c22d8b
SHA1: f5d4d97bd0f38ec4525a55e32e4e663875d76408
SHA256: e8009306762aa51eae8a3991de04d7c9d82f666a293bff56fb44905353df423c
SHA512: c77f812373b9ed5a83eefcdbd11a75e63046484250498678ec822b9147e34ec93a18fa9f3c0ef396731ad0983abd2bea7a237ba9ee845a741ba8031721a5a34b
SSDEEP: 393216:ZmqL1nDHdsc+dfgMxQ43RMhuV4shi4/jOrLpQwq:ZXL9DHr+6WheWOffq
Behavioral tasks
- behavioral1: colinware the game/Colinware.exe (resource: win7-20231215-en)
- behavioral2: colinware the game/Colinware.exe (resource: win10v2004-20231215-en)
- behavioral3: colinware the game/bin/RuntimeBrokerPY.exe (resource: win7-20231215-en)
- behavioral4: colinware the game/bin/RuntimeBrokerPY.exe (resource: win10v2004-20231215-en)
Malware Config
Targets

Target: colinware the game/Colinware.exe
Size: 945KB
MD5: 1a3411fb714475a5ebfddb35ed768b48
SHA1: 3ef12f94403530dd4d6c6b2910c9fe20b79c5db6
SHA256: 3779ac382268128b90bcca9dfc6a774bc28729a788b21a2cea2845deb11a607e
SHA512: 31f1a69cf4c2e30eed05fa811b01e34ec0db887a20744520d8991e2c5d25b31d9eae5f0113df6d22b58d4972c7b9cb5ba9513a09b5bac0da52ab6a866ea57ef4
SSDEEP: 12288:rKZK4ODoga4ODoga4ODog/yUmLAK7ElA4ODoge:rA4II0LADGe
Score: 7/10
Signatures:
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: colinware the game/bin/RuntimeBrokerPY.exe
Size: 17.7MB
MD5: 10aa819ab90b46d7e68820662d7668db
SHA1: a58728fdeca0c6ef36fd035db6bb7b7e62bd482c
SHA256: b0b17655b0c9b39af157f9980f4d5c26c3891aa24ca81aa2b3560bbf4f8d5d21
SHA512: ee000cff4fe98088256b4042022a65c72c4a7a0ee272be8862de85788b1124f8f23f92c8a1a7bf1ffe86207e78b6ee15407ca1f4e9f0696ae9b9223f3cce0d6d
SSDEEP: 393216:9qPnLFXlrVgQpDOETgsvfGewhgw5MvEc4x7LLSq:EPLFXN6QoEABvbvn
Score: 7/10
Signatures:
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.