General
-
Target
file.exe
-
Size
3.3MB
-
Sample
240129-j9j37sfbbr
-
MD5
e9511c52af792b25be4cc022154a8753
-
SHA1
9fb6b7306286ba00d05b045c37035da39026e5ed
-
SHA256
30aecb1d0bb7c6f8de3f21937ff121ccfee96e0454a1e9a156fefbf8accc8770
-
SHA512
8ff065e15a2e3ca5ab61b60d32cb1ecbbd34d9b45ff3947e2214d437f3f8d572b6b1c18abfe7a649f50892f17bfbbf4238a67562fdcf03ba72baac1cdd758d2a
-
SSDEEP
98304:8i++qX8iuivYw7Kx0tJI7dKeZIC5JkvEC:/cNuyYw7RtJI7ZZh5Jkl
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Checker.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Checker.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/Zip.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/Zip.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
$R1.ps1
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
$R1.ps1
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
SumatraPDF.exe
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
SumatraPDF.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral15
Sample
uninst.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
uninst.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
file.exe
-
Score
7/10
-
Loads dropped DLL
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/Checker.dll
-
Size
41KB
-
MD5
1ebcb7fe4d8f8f975dd404d1688d1e1a
-
SHA1
cff12da173ae6e6660870e6343aac823e013ebc3
-
SHA256
c78112c3da52d30b98c4cb34d3b9baf406f85a4dc975c40a6949672122c8ed37
-
SHA512
7ec29be35c39b8fb623eb1f624df984031bc26fb7c99d7375b754ac1bda383e318d01eeae2672a79db6e5b177e29d97a2eb0d60385a80f4a26a5006c7e0173fe
-
SSDEEP
768:NNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZv79FN:NNZwApK0XlLYd9o99L
Score
3/10
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
30a8c8e0e35d7d036fea63ceca28b462
-
SHA1
e3e15d822bdd5e98c80e9b7c00a476dccbdc6eb6
-
SHA256
de1caa5f3a80a5cfffe6d475ca3404b8928d57c8adba49d89b13fe95ab2ee50b
-
SHA512
f68f6922352ed2c834bc0562681ef740c54bd430cbbd66bb6d5534fd146875b0a9937e98925727a8bd9dcad3d5e99322de13aaba231999d8c7608526a8adc181
-
SSDEEP
192:g46k30R+dHp4TaQm1QukrdWWmUOWDNsrwJBsLLvjCK72dwF7dBOne:Z6k30gdHp4J6Q0lXLvjC+BO
Score
3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
dd87a973e01c5d9f8e0fcc81a0af7c7a
-
SHA1
c9206ced48d1e5bc648b1d0f54cccc18bf643a14
-
SHA256
7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1
-
SHA512
4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f
-
SSDEEP
192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9
Score
3/10
-
-
Target
$PLUGINSDIR/Zip.dll
-
Size
76KB
-
MD5
bd448b748b6fb2fc268f297363ef69e5
-
SHA1
0c33557703b39928d19520651001607724f5cf8d
-
SHA256
b3a67c05d7788b1310b342bea37d69a84d9c7997c729f489f9602148f9a6d708
-
SHA512
555f049387a924c1a3feb38582abb3c5b238df5975c4f739690e2bad06ce5bfce02c2deb46816aacbf73e76292382e8974484e9886f079de69ddad1268a0ea0d
-
SSDEEP
768:2qzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9dohv:2hQspHrXK5eKO5KysyxAd4CiR
Score
3/10
-
-
Target
$R1
-
Size
700KB
-
MD5
accf7ac65166406e344ab6a412c3c2f4
-
SHA1
198b460224b5c47bd645a66cf4b33510314d3d0d
-
SHA256
05e1c793965512e33b1bc8104d58e12131c46656eac55d650bc0c4b50f5d5ddb
-
SHA512
24d5e42c8f6ec5d7acf0b398c40205a7a592afdd2e91c18b4080202990b44ad59276f44d28d40433308ad87f4bc2639cef5aa51da4cc36faf6b85d63ad7be0a9
-
SSDEEP
12288:NDSXZPuiI5Nr1GK+78EiGf4xAnoNb4ME7BxNfOp+pX3MntX+i1eI+G8b3fEw:U2iI5tr+78EiWqAoNb4ZBxNfbR3wtXNq
Score
1/10
-
-
Target
SumatraPDF.exe
-
Size
6.2MB
-
MD5
a66c9054c372978b5752566361c27535
-
SHA1
527b8a0f9bffc41df878fb45e73f58e01e827e25
-
SHA256
54e19ff0a436f9806ff4dec14882a3391026751242b0e53330325e7c256d5155
-
SHA512
3114d24ccc0705cb722fd0a6ef135215e6475702d12073ab0567039a34d2cb279f7a6f6ffb58cc2a38dc87b3f97c71c245709ba6242813a0abd5ca0d0bb7e17e
-
SSDEEP
196608:DDXbNtDd/MmCp3XH0PXBs72S3CKCXCv2a/At:DDXht5/MmCpHUPXOR39Uk20C
Score
1/10
-
-
Target
uninst.exe
-
Size
39KB
-
MD5
b462f3c38bc5b56e06976a94a7c36bc7
-
SHA1
0106bf912fa9a37bb975afb00fd4ebaf7dff13cd
-
SHA256
446c3dc2041bd1d0968e92ec21d538da95dd85c62535293fdca425b02587bbe5
-
SHA512
f33baef794d57eec26df2b173719c3dde0e8e1f9354d598662d1b86c1317b21fbff17b1ce373495f9bfe717d10b8dba1d486fee18bbb51b726e480300c606343
-
SSDEEP
768:0Gn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPciuc1sJ:T4hwgonu0fJytuPwbdNcir1sJ
Score
7/10
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-