General

  • Target

    RADMIR_LAUNCHER (1).exe

  • Size

    70.9MB

  • Sample

    240128-rdta1adfdl

  • MD5

    8465f7fc1db3beffa1db908f54d1cd04

  • SHA1

    9d11a228c4a095fb1f76cc16e71ab21e8673547d

  • SHA256

    18fb1efac7a965e3be1b7c090324e291fcdaba65ec213619d245aa4aa54387ba

  • SHA512

    8782fb1e7800a4ba1038e093886a2c0c1d4a947892f222e62fdcaee0f12f7fd9ab259f67830321d04a1a45e22711c50aec555ba806eaf01930260db57a8485c3

  • SSDEEP

    1572864:B2iif6jme1ExJH1h60Fw90txK5fr2gdfTJEk2FDbksrhvaF45B5CLLAtfSrS:B746jex9n41B1EvFNtva63CwNt

Score
7/10

Malware Config

Targets

    • Target

      RADMIR_LAUNCHER (1).exe

    • Size

      70.9MB

    • MD5

      8465f7fc1db3beffa1db908f54d1cd04

    • SHA1

      9d11a228c4a095fb1f76cc16e71ab21e8673547d

    • SHA256

      18fb1efac7a965e3be1b7c090324e291fcdaba65ec213619d245aa4aa54387ba

    • SHA512

      8782fb1e7800a4ba1038e093886a2c0c1d4a947892f222e62fdcaee0f12f7fd9ab259f67830321d04a1a45e22711c50aec555ba806eaf01930260db57a8485c3

    • SSDEEP

      1572864:B2iif6jme1ExJH1h60Fw90txK5fr2gdfTJEk2FDbksrhvaF45B5CLLAtfSrS:B746jex9n41B1EvFNtva63CwNt

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    • Score

      3/10

    • Target

      LICENSES.chromium.html

    • Size

      5.2MB

    • MD5

      4247afa6679602da138e41886bcf27da

    • SHA1

      3bb8c83dc9d5592119675e67595b294211ddbf6e

    • SHA256

      bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4

    • SHA512

      ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330

    • SSDEEP

      12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZG:sPMM5FaWStHvmUKItmfDTeHiVQZp4

    • Score

      1/10

    • Target

      RADMIR_LAUNCHER.exe

    • Size

      136KB

    • MD5

      f65724f439f3ac47153fdec32d5d58fb

    • SHA1

      9c842169664f734426e8d0b87ed068e554ea11c4

    • SHA256

      c3566150c632c7cae3b96de78f5e5d7a3b816ce1b9a013ef74b326bb75df84c9

    • SHA512

      10d3bf90b1f291494031cea1b14a9c55d30c75856bbeb8975585896016cf83b0d895f3edd9d28bb8867406979bb0b2922a6e28f93feff5b5dbd98aa5435f4745

    • SSDEEP

      3072:voLN5XpO8MjeE/u17JJSlZo7yFeRNCZ7+vWm9wY6n:vru17Jml8w5d

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Target

      RADMIR_LAUNCHER_EX.exe

    • Size

      117.7MB

    • MD5

      340708e6beaf93b5293a244a5ecf4c08

    • SHA1

      c4706273975fcf86eb9ae5ac6acf74e206a18a32

    • SHA256

      8d718d2364663c95c50fab10c5b01cf9c05c2af1685ddc64ba826d92f08223a2

    • SHA512

      be1da0839dd938dabac817b80ac0236b969cbcd9e25c0926b832d8bfcb0061c9e304f45cc1db384a467ef7a1f296a93786a7faccf2e5009a263f0e1bc39042b0

    • SSDEEP

      1572864:jcNi9c9Bd2PSGAv7AtHQzOxD7BwSbfri0UmJ4hA5elULguvg/x5kk3A4sqACQoa8:LiTaM/kt4lda5l2vWmeY

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Target

      api-ms-win-core-console-l1-1-0.dll

    • Size

      18KB

    • MD5

      aabbb38c4110cc0bf7203a567734a7e7

    • SHA1

      5df8d0cdd3e1977ffacca08faf8b1c92c13c6d48

    • SHA256

      24b07028c1e38b9ca2f197750654a0dfb7d33c2e52c9dd67100609499e8028db

    • SHA512

      c66c98d2669d7a180510c57bab707d1e224c12ab7e2b08994eb5fd5be2f3dee3dbdb934bcb9db168845e4d726114bce317045027215419d3f13dcfa0f143d713

    • SSDEEP

      192:aBgW1hWi7u7jCjdks/nGfe4pBjSYpP4W5RKTt3E2sVWQ4GWc6CT7yqnaj/6g6dyh:dW1hWLam0GftpBjhFm3S4xltZEU

    • Score

      1/10

    • Target

      api-ms-win-core-datetime-l1-1-0.dll

    • Size

      17KB

    • MD5

      8894176af3ea65a09ae5cf4c0e6ff50f

    • SHA1

      46858ea9029d7fc57318d27ca14e011327502910

    • SHA256

      c64b7c6400e9bacc1a4f1baed6374bfbce9a3f8cf20c2d03f81ef18262f89c60

    • SHA512

      64b31f9b180c2e4e692643d0ccd08c3499cae87211da6b2b737f67b5719f018ebcacc2476d487a0aeb91fea1666e6dbbf4ca7b08bb4ab5a031655bf9e02cea9a

    • SSDEEP

      192:fW1hWiH+49Cjdks/nGfe4pBjSY285a+W5RKTt3E2sVWQ4GW2TwE9qnajuZDAJaaj:fW1hWZ4wm0GftpBj8m3SLwwlUKTf

    • Score

      1/10

    • Target

      api-ms-win-core-debug-l1-1-0.dll

    • Size

      17KB

    • MD5

      879920c7fa905036856bcb10875121d9

    • SHA1

      a82787ea553eefa0e7c3bb3aedb2f2c60e39459a

    • SHA256

      7e4cba620b87189278b5631536cdad9bfda6e12abd8e4eb647cb85369a204fe8

    • SHA512

      06650248ddbc68529ef51c8b3bc3185a22cf1685c5fa9904aee766a24e12d8a2a359b1efd7f49cc2f91471015e7c1516c71ba9d6961850553d424fa400b7ea91

    • SSDEEP

      384:uW1hWcFm0GftpBjOQElEm3SQalndaYhppz:llVijElEXj

    • Score

      3/10

    • Target

      api-ms-win-core-errorhandling-l1-1-0.dll

    • Size

      17KB

    • MD5

      d91bf81cf5178d47d1a588b0df98eb24

    • SHA1

      75f9f2da06aa2735906b1c572dd556a3c30e7717

    • SHA256

      f8e3b45fd3e22866006f16a9e73e28b5e357f31f3c275b517692a5f16918b492

    • SHA512

      93d1b0d226e94235f1b32d42f6c1b95fadfaf103b8c1782423d2c5a4836102084fb53f871e3c434b85f0288e47f44345138de54ea5f982ca3e8bbf2d2bea0706

    • SSDEEP

      192:cnmxD3jW1hWiRcvHCjdks/nGfe4pBjSYrteMMPiW5RKTt3E2sVWQ4GWCxMfqnaj9:cn4W1hWiQim0GftpBj9eXm3SR6lPp/

    • Score

      1/10

    • Target

      api-ms-win-core-file-l1-1-0.dll

    • Size

      21KB

    • MD5

      eefe86b5a3ab256beed8621a05210df2

    • SHA1

      90c1623a85c519adbc5ef67b63354f881507b8a7

    • SHA256

      1d1c11fc1ad1febf9308225c4ccf0431606a4ab08680ba04494d276cb310bf15

    • SHA512

      c326a2ca190db24e8e96c43d1df58a4859a32eb64b0363f9778a8902f1ac0307dca585be04f831a66bc32df54499681ad952ce654d607f5fdb93e9b4504d653f

    • SSDEEP

      384:Y6PvVX7W1hWC1m0GftpBj4xm3SBvlmTwhsH:jPvVXeTVic1i

    • Score

      3/10

    • Target

      api-ms-win-core-file-l1-2-0.dll

    • Size

      17KB

    • MD5

      79ee4a2fcbe24e9a65106de834ccda4a

    • SHA1

      fd1ba674371af7116ea06ad42886185f98ba137b

    • SHA256

      9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

    • SHA512

      6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

    • SSDEEP

      192:Y+W1hWifcvHCjdks/nGfe4pBjSYA89sX5W5RKTt3E2sVWQ4GWFuLOgVqnaj6uDp6:Y+W1hWoQim0GftpBj7sIm3SFOslD16hP

    • Score

      1/10

    • Target

      api-ms-win-core-file-l2-1-0.dll

    • Size

      17KB

    • MD5

      3f224766fe9b090333fdb43d5a22f9ea

    • SHA1

      548d1bb707ae7a3dfccc0c2d99908561a305f57b

    • SHA256

      ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

    • SHA512

      c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

    • SSDEEP

      192:FZkW1hWiecvHCjdks/nGfe4pBjSYo3Vq34W5RKTt3E2sVWQ4GW2rOqnajd2siD+k:MW1hWdQim0GftpBj4VuFm3SWlg+0mw

    • Score

      1/10

    • Target

      api-ms-win-core-handle-l1-1-0.dll

    • Size

      17KB

    • MD5

      18fd51821d0a6f3e94e3fa71db6de3af

    • SHA1

      7d9700e98ef2d93fdbf8f27592678194b740f4e0

    • SHA256

      dba84e704ffe5fcd42548856258109dc77c6a46fd0b784119a3548ec47e5644b

    • SHA512

      4009b4d50e3cb17197009ac7e41a2351de980b2c5b79c0b440c7fe4c1c3c4e18f1089c6f43216eaa262062c395423f3ad92ca494f664636ff7592c540c5ef89d

    • SSDEEP

      384:4W1hWypFm0GftpBjTnom3S4tOlDCEY5kD:zvViFoUtQ1Y5kD

    • Score

      1/10

    • Target

      api-ms-win-core-heap-l1-1-0.dll

    • Size

      17KB

    • MD5

      ff8026dab5d3dabca8f72b6fa7d258fa

    • SHA1

      075c8719e226a34d7b883fd62b2d7f8823d70f1a

    • SHA256

      535e9d20f00a2f1a62f843a4a26cfb763138d5dfe358b0126d33996fba9ca4d1

    • SHA512

      9c56ff11d5843ba09cd29e3bc6c6b9396926c6a588194193ba220cfa784b770ab6756076f16f18cfea75b51a8184a1063ef47f63804839530382f8d39d5cf006

    • SSDEEP

      384:nEleW1hW59XRm0GftpBjywVpm3SJflndaYhp6a:uADVig69F3

    • Score

      1/10

    • Target

      api-ms-win-core-interlocked-l1-1-0.dll

    • Size

      18KB

    • MD5

      cfe87d58f973daeda4ee7d2cf4ae521d

    • SHA1

      fd0aa97b7cb6e50c6d5d2bf2d21d757040b5204a

    • SHA256

      4997fda5d0e90b8a0ab7da314cb56f25d1450b366701c45c294d8dd3254de483

    • SHA512

      40eb68deb940bbe1b835954183eea711994c434de0abbdea0b1a51db6233a12e07827ad4a8639ae0baf46dd26c168a775ffe606c82cbe47bae655c7f28ab730b

    • SSDEEP

      384:l5iYsFqW1hWfsngm0GftpBjWfshFIvgCcm3SHlg+0Ix:loZngViwfsh6gxfx

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks