Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7b6e0e0a98...92.exe

windows7-x64

7

7b6e0e0a98...92.exe

windows10-2004-x64

7

$TEMP/DSCT...30.dll

windows7-x64

1

$TEMP/DSCT...30.dll

windows10-2004-x64

3

$TEMP/DSCertEx.dll

windows7-x64

1

$TEMP/DSCertEx.dll

windows10-2004-x64

1

$TEMP/Mobi...32.dll

windows7-x64

1

$TEMP/Mobi...32.dll

windows10-2004-x64

3

$TEMP/NFil...eb.dll

windows7-x64

3

$TEMP/NFil...eb.dll

windows10-2004-x64

3

$TEMP/NpkiCard.dll

windows7-x64

1

$TEMP/NpkiCard.dll

windows10-2004-x64

3

$TEMP/SCSKAPPLink.dll

windows7-x64

1

$TEMP/SCSKAPPLink.dll

windows10-2004-x64

1

$TEMP/UBIK...In.exe

windows7-x64

7

$TEMP/UBIK...In.exe

windows10-2004-x64

7

$TEMP/UBIK...ce.exe

windows7-x64

1

$TEMP/UBIK...ce.exe

windows10-2004-x64

1

$TEMP/UbiKey.dll

windows7-x64

1

$TEMP/UbiKey.dll

windows10-2004-x64

3

$TEMP/UbiK...ll.exe

windows7-x64

1

$TEMP/UbiK...ll.exe

windows10-2004-x64

1

$TEMP/UbiKeyWin32.dll

windows7-x64

1

$TEMP/UbiKeyWin32.dll

windows10-2004-x64

1

$TEMP/Ubik...to.dll

windows7-x64

1

$TEMP/Ubik...to.dll

windows10-2004-x64

1

$TEMP/certadm.dll

windows7-x64

1

$TEMP/certadm.dll

windows10-2004-x64

1

$TEMP/certcli.dll

windows7-x64

1

$TEMP/certcli.dll

windows10-2004-x64

1

$TEMP/certutil.exe

windows7-x64

1

$TEMP/certutil.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b6e0e0a9844777fe52da9bd0a573d92

  • Size

    6.0MB

  • Sample

    240127-18wjaafbgl

  • MD5

    7b6e0e0a9844777fe52da9bd0a573d92

  • SHA1

    b90f07023d59162dc7b895159b909d5828c8f9f6

  • SHA256

    cc3fbfa0fa74fbc726e44e82698122ef072faba171c51b65c769b79b359d6790

  • SHA512

    db17c6846ed13ed09548b749b1955d5ba4da5219c175a29e24398ab45551f4c1a61671a2d337b37a4d01a95f221922391170df424068f2199136db33089af109

  • SSDEEP

    98304:SqpDdk/EqH7oDhQbi7sR56jFh1jfXs/C7rMp/X3cweoVOo5de0/xTdX3Vf:3pDfqHR75ShlfXSCE/XLeTMrxD

Score
7/10
discoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      7b6e0e0a9844777fe52da9bd0a573d92

    • Size

      6.0MB

    • MD5

      7b6e0e0a9844777fe52da9bd0a573d92

    • SHA1

      b90f07023d59162dc7b895159b909d5828c8f9f6

    • SHA256

      cc3fbfa0fa74fbc726e44e82698122ef072faba171c51b65c769b79b359d6790

    • SHA512

      db17c6846ed13ed09548b749b1955d5ba4da5219c175a29e24398ab45551f4c1a61671a2d337b37a4d01a95f221922391170df424068f2199136db33089af109

    • SSDEEP

      98304:SqpDdk/EqH7oDhQbi7sR56jFh1jfXs/C7rMp/X3cweoVOo5de0/xTdX3Vf:3pDfqHR75ShlfXSCE/XLeTMrxD

    Score
    7/10
    discoveryevasionpersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $TEMP/DSCToolkitV30.dll

    • Size

      523KB

    • MD5

      ccc5d0b6e91cc62f7857e5c28141a358

    • SHA1

      aed5988a711766179005ec879994125106299906

    • SHA256

      3a56c27d13c0ed55fa43b78911d990bdbd156eea80793a72590ea5a8a05c9a21

    • SHA512

      0e7eb2604e412e606518f2461d0c6ff3ad282299fa1406defc10d587a58ba45e11ff13028c744e485afa12b644dc75a43885d3c44cd2f77abaab6865c06e012e

    • SSDEEP

      12288:iujjhvb42ef54T3qPoI5S97jBXnRRx1fw46PdM0yT:igNbIu3ww7lXnRRff2BO

    Score
    3/10
    behavioral3behavioral4

    • Target

      $TEMP/DSCertEx.dll

    • Size

      259KB

    • MD5

      852574cda2b18627836bc6e599eaf596

    • SHA1

      407ae83340bf33855bcb49970b2e4ff371749875

    • SHA256

      2b5b3d7e6101bdf1ed434574fe48911ce0d48a3805f832c89601d0d2ad51dea8

    • SHA512

      c1fd37f334ead24dcaa46b78470581e6185f14d479d12b4c6e829fcf55fcedbf6827f778d7160b314838ae865e184201c4d0b444b7efba2abcdb438ada98ab1a

    • SSDEEP

      6144:b1l2mziGWXN4j9t7Fc9+7guYsF7N+P3nlqp:bOmziHN4hPOEf6lA

    Score
    1/10
    behavioral5behavioral6

    • Target

      $TEMP/MobileCertWin32.dll

    • Size

      525KB

    • MD5

      d30b8502aacf89aa5ab0cf1b24d55f11

    • SHA1

      a7937ae4489aea3f3d19c1c04ad530c91db015f2

    • SHA256

      7a617bc84155a4530bdd5d0a4e66f24d1b72e80b25080ae588ab7eeb56c64266

    • SHA512

      b232cfe89f9e5f78c42dc7f5ea65b2a5767f50cb7f4450de739a110f97fec5e85dfffd33020355f6f2e99776c06f8fad41a700b2969e7d43a1921229ba693e8a

    • SSDEEP

      3072:WlRrEUczk3fsF9Nn3ZknBNAjhKmsy8zP0Kss2GufKNQxJgKWJw+Znoi+pes92pkO:WlRreF/gag6IhQ8lP+pes92qG+wK7IB

    Score
    3/10
    behavioral7behavioral8

    • Target

      $TEMP/NFilterOpenWeb.dll

    • Size

      339KB

    • MD5

      ec09aea6003f13cea6fd25ec33c7a229

    • SHA1

      6f7ec5bb4685f336d30e5ab4d430ca65e6479421

    • SHA256

      3c78120038010d538fcd9217c6c00a79ec3ac56ea38a63ee24339d5a63177f4c

    • SHA512

      14f06b72c4b8f730038673477bcb2b2401cd4e8e33bd89075505f02552f9dcf9c29384df846efb98c142aa203dbebd56065cede4a1cd718f04837c0c5b486f7f

    • SSDEEP

      6144:W/ejWyJivucGqXmTNHlhhtUbeDhcDSBQTPN5zZ:tjWy0vXG6mTNHlaGdBQBRZ

    Score
    3/10
    behavioral10behavioral9

    • Target

      $TEMP/NpkiCard.dll

    • Size

      63KB

    • MD5

      2945d489d11e42494c01cb6e7be49ba0

    • SHA1

      fc9139977c5c4162d064ebdb9566b568ffa0396c

    • SHA256

      87f93f87b3686b88110ac6dc5f256b2eb5a56779b54c5ccd7919563dbb9e918c

    • SHA512

      68d6784acfef4f176b6d82cb3853037b28897fe1ead3deb5cedd06bfe3bd8d8984ec5a97c75473337c53b267d0561f62d3f0d076e188afe1cdcf196d46013291

    • SSDEEP

      1536:B/m73c0QT/yENwNnjSzAllspgDGlVnnHd0:B/mTc0JENwheAlls5Fn90

    Score
    3/10
    behavioral11behavioral12

    • Target

      $TEMP/SCSKAPPLink.dll

    • Size

      927KB

    • MD5

      c4bdc6443f4f8e3d1bf5f553df48c9fc

    • SHA1

      165abc3428c9ee33939eab2329a216b29c7650c5

    • SHA256

      b9d845d37306f812538599597c969135f0b57c3c4eea7d395ef8c6dbf491c32a

    • SHA512

      b9de94b2fb630800ad1f5aca1e8ead5d982afcb29054e3f33f602bdf7b6e2d88cfce248278f67a865a73c402073da579d51627aa46d529e90f2990f08f623bf8

    • SSDEEP

      12288:KRlwaunIW7pi0KeUzSkuu4CuXs3Ox8dg5qP0Pqdg5qPgPqdg5qPAPqdgPbdw56PT:DnIMi0K/zws3C7XtNJKQO4XDd

    Score
    1/10
    behavioral13behavioral14

    • Target

      $TEMP/UBIKeyPlugIn.exe

    • Size

      65KB

    • MD5

      a4aceddcc388b5f27099e45eee5491be

    • SHA1

      e417a140ba3b047a8ca81c10117ade245d0f1571

    • SHA256

      9b798ac9ebf4d526082b55a83764217345dee83cc95c43ce0ac363b24e186646

    • SHA512

      67649a58009979075c3a5fe19c4b5b60083d432b3849602fd35a868c8aac603c988e96095f01cceac1a140524b5ddd84327f62e32581afce627e6601d58daee3

    • SSDEEP

      1536:fLv+zvAOsOn/7UJKarrMnnP3o94eh3hYE:QHnnwJKa0nP3o9HAE

    Score
    7/10
    discoveryevasionpersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral15behavioral16

    • Target

      $TEMP/UBIKeyService.exe

    • Size

      925KB

    • MD5

      4e459af1454c80755092c7456cb04259

    • SHA1

      456f8a13dc1744c64d2b93da86b6141087c066bc

    • SHA256

      53f89189bee930b2512978be079978bcea3bb6004c45d8ccb52d96b51eb22002

    • SHA512

      9af836489bf21e3ef8b87e7a33cf7a54d0ccbf15d9bb385c04b1848522ec91bcc5358d85fb8284d922986d4101ee5503c74bc24a5adb5b3355ef1f9f74a5fa1a

    • SSDEEP

      24576:Ap7iK+JjtEHPQe4XebaaTiU3VitVzWse4yQ:ANkEHoeHbaaTiY0VkI

    Score
    1/10
    behavioral17behavioral18

    • Target

      $TEMP/UbiKey.dll

    • Size

      53KB

    • MD5

      b89218255384b587056cb1e948c295d5

    • SHA1

      0b13185c5152a221bc69cf27bccdc8cc9aeb1c7a

    • SHA256

      03810ba96b08824141ef982dcdb76c42ef8bd7f91c852ff26120a0b82fba99cb

    • SHA512

      48b181547448507c39465942ded6d18da9ff318fbc3abff042d18f70043a471050546b3e0b387b5d689e69baec5a027fb234c935d3068eeee867dc7d4a8b857f

    • SSDEEP

      768:ILcTKhfunFddZJP+OrMnnPFi06LI5NgW3hqFW:LTKoF1JPlrMnnPw0wW3hq8

    Score
    3/10
    behavioral19behavioral20

    • Target

      $TEMP/UbiKeyUninstall.exe

    • Size

      61KB

    • MD5

      596a181659a0fd78bcab66aed7a74e0b

    • SHA1

      5b0c2deb56375d2bbc10fb7bf4752709848b6099

    • SHA256

      22ce189f4cb33647b04bc2eda9c3341eec01d77291fa42a9670b84228d0b12dd

    • SHA512

      8253605b46a0b5e3a9e41924a7e150bd5aeb77a3e6e681e40770aa0bb1eebcfa114aeb0428372f68956a52cf95aa3225a984240260723a0188ddca97cda4640a

    • SSDEEP

      1536:tU7JyXlRkZ9MCAAZrMnnPZ4PdcDnh3h1g:qQDkZmbAenPuPdcDdg

    Score
    1/10
    behavioral21behavioral22

    • Target

      $TEMP/UbiKeyWin32.dll

    • Size

      57KB

    • MD5

      27ac04ae932f911c29ec56c7e75b7b82

    • SHA1

      342459632c0af7d7142475abb3f82b9269f11a1c

    • SHA256

      743097d53417609448988f4498d05c780feee5d946b20d6ada023d1597864eb8

    • SHA512

      1b233145129b05d2a3650409034825de951e7cfbf3d1f39fcd2debb1e49e916a3f6abbad7d01b424fbc54074e09c3276c48ca648aaac68244ba71ccc6e2dad57

    • SSDEEP

      768:qT7Tpep8j6fWVJ/6L4rMnnPoEgMutIJnNgb3hAj:S7TgpvmJ/60rMnnPLgps+b3hAj

    Score
    1/10
    behavioral23behavioral24

    • Target

      $TEMP/UbikeyCrypto.dll

    • Size

      179KB

    • MD5

      08a32163969c7064660bcba94ead2b8b

    • SHA1

      0c6c9d81b0612722d82e76adc3044bc905ef7db6

    • SHA256

      dffaba416506c6691fb12a70423ef5f8b4395fdce3b522a143c9d801ecb6d327

    • SHA512

      63d2b214078ca25c28dcf8004bf121a02d931e7c523243bf7b827f4b5d15ef0e9425abcbfe6ed78c8ca88e240f623521c4e0fc744099ecdb4cb05ba21dadcfb3

    • SSDEEP

      3072:BcYJcuTLE6TROpLh4zZpYOKGesIbcA4pOkPUL5jZHnGkiBoPkm5nlGwpaCwpdz8Z:OYJcuTLE6YkzZ2bJZmkuoXl5pfS1PNU

    Score
    1/10
    behavioral25behavioral26

    • Target

      $TEMP/certadm.dll

    • Size

      83KB

    • MD5

      aed39116fe12c5550975043da1d1b244

    • SHA1

      ed8aa12a00e93c1a477f4ef69864948b4014a7fb

    • SHA256

      bbba87bf62e8bdc11602f2a95712e5fe3fb1edbbcdeb28cbdcf191aeab286b04

    • SHA512

      0ab9ef25bba0e231a140a5153c9f9149ab194a324f374e655e43ef90715e0417987d7f31f2493e229ec8b704bead31f0fbff6ee811d42cb7af8c58361979d132

    • SSDEEP

      1536:MeZq3MXXTjmZ5IplbHKp/reRgMxcRircjVgrS9Ll2shT:MeZNvmnswKGMCZSrggsh

    Score
    1/10
    behavioral27behavioral28

    • Target

      $TEMP/certcli.dll

    • Size

      185KB

    • MD5

      f509af061bbf4eb9c39f3cca88c00505

    • SHA1

      a83487b2f41631576606e318ee792de695de72be

    • SHA256

      87ca129af67985dd5ed22913fd02402a9f2a965c13fa83be60fbeb94cbc595cd

    • SHA512

      9b6dee15751d40eb27b8e82bcf88ecee8658be9316a194c8b9492ccf6697f93ae1558adcaa25fe6d317963850bde805f2de6b67cb369adcb228a043741c85365

    • SSDEEP

      3072:2R+zHLqyTs5P/3AqYiHsq4zF4TPhS9JgUjY/Kv0V25N8HJjZ6nssxs3+HNJ8:Z1s5X3ACHsLzFoPhSAUjR0UcH6p

    Score
    1/10
    behavioral29behavioral30

    • Target

      $TEMP/certutil.exe

    • Size

      124KB

    • MD5

      5d44040504c77ca0778c1bf66e1009fb

    • SHA1

      fe4de0245c6ca96aade2f3d53fd274df2df2cb92

    • SHA256

      8bd1dab14e133519eabafd6c1bc449b57d749071b4c45f040a734c82bdb0d503

    • SHA512

      9a25cd8480502986d54ea44dee2bc1254de15a40cc5b6e367ea5baaa40e7df9df8d73a5186166c5a6fecd69115ea4a6d76e508651f9c220ed51b68d71d389c18

    • SSDEEP

      3072:wLHYLWUjUOh73h/NvurB+mLBdQPUjRqv0hpSM:BWUjUO+XBdQPwAv0Xh

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

discoveryevasionpersistencespywarestealer
Score
7/10

behavioral2

discoveryevasionpersistencespywarestealer
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discoveryevasionpersistencespywarestealer
Score
7/10

behavioral16

discoveryevasionpersistencespywarestealer
Score
7/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10