Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

RAM.zip

windows10-2004-x64

7

GameAssembly.dll

windows10-2004-x64

1

RAM.exe

windows10-2004-x64

7

RAM_Data/P...ss.dll

windows10-2004-x64

1

RAM_Data/P...ed.dll

windows10-2004-x64

1

RAM_Data/R...ources

windows10-2004-x64

1

RAM_Data/R..._extra

windows10-2004-x64

1

RAM_Data/R...s.json

windows10-2004-x64

3

RAM_Data/S...s.json

windows10-2004-x64

3

RAM_Data/app.info

windows10-2004-x64

3

RAM_Data/boot.config

windows10-2004-x64

3

RAM_Data/g...nagers

windows10-2004-x64

1

RAM_Data/g...assets

windows10-2004-x64

3

RAM_Data/g...s.ress

windows10-2004-x64

3

RAM_Data/i...ta.dat

windows10-2004-x64

3

RAM_Data/i...es.dat

windows10-2004-x64

3

RAM_Data/level0

windows10-2004-x64

1

RAM_Data/s...assets

windows10-2004-x64

3

RAM_Data/s...s.ress

windows10-2004-x64

3

UnityCrash...64.exe

windows10-2004-x64

1

UnityPlayer.dll

windows10-2004-x64

1

baselib.dll

windows10-2004-x64

1

Resubmissions

03/02/2024, 06:55

240203-hp5czabeg7 7

03/02/2024, 06:52

240203-hnee6adhdp 7

03/02/2024, 06:46

240203-hjl97sbdh3 7

03/02/2024, 06:41

240203-hfs9cadfhl 3

03/02/2024, 06:38

240203-hebb5sdffl 3

03/02/2024, 05:47

240203-gg3nqsaee9 8

03/02/2024, 05:22

240203-f2tqwscdcm 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RAM.zip

  • Size

    31.1MB

  • Sample

    240203-f2tqwscdcm

  • MD5

    4ba0b2f8488848eaf1d1bd62d99deac9

  • SHA1

    350abba23726ff7e4b597f72f35e17df33d4eed9

  • SHA256

    72b5e76a8256cf479be8ab736165302405cc399be066f8b9d7eb1ba52520e3c1

  • SHA512

    d698ce29c3d1244b53d244588989091c32d8db97c965fdd457e0f441390c198d5da0b54d72588f5d1db6af44e14227593ecca8af4305975afe22a21021e9d225

  • SSDEEP

    786432:V7g6SJ5g4xZv3Qn4VZ7Mt1dc83+6HJe5XwG30RX+5z3xoO5iIOt0M:V7g665g4xmS7Mt/V+a8XNkRX+BxoO5iH

Score
7/10

Malware Config

Targets

    • Target

      RAM.zip

    • Size

      31.1MB

    • MD5

      4ba0b2f8488848eaf1d1bd62d99deac9

    • SHA1

      350abba23726ff7e4b597f72f35e17df33d4eed9

    • SHA256

      72b5e76a8256cf479be8ab736165302405cc399be066f8b9d7eb1ba52520e3c1

    • SHA512

      d698ce29c3d1244b53d244588989091c32d8db97c965fdd457e0f441390c198d5da0b54d72588f5d1db6af44e14227593ecca8af4305975afe22a21021e9d225

    • SSDEEP

      786432:V7g6SJ5g4xZv3Qn4VZ7Mt1dc83+6HJe5XwG30RX+5z3xoO5iIOt0M:V7g665g4xmS7Mt/V+a8XNkRX+BxoO5iH

    Score
    7/10

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      GameAssembly.dll

    • Size

      23.0MB

    • MD5

      69ce2705f5d51da9c2c0f4479b67075c

    • SHA1

      00efffda43830219d4324d7516072dc8320993bc

    • SHA256

      c42c9115e10d6eaa8101015d200bea986d61c240a088705e6afbe0255b1e811b

    • SHA512

      03a2919e9b97fe544dbef8d18f78a7a0df9beebb1d9c8d46a51f1c96a4e3c87b48d99691f1220d72188af3f02d06a542811f27833bcb60c0a4a1feddd1e97f68

    • SSDEEP

      393216:/jB8Z4r6zOU6mxvzfcfivc+nyz2Phd2ICkrJ9KzAKHGLuaonoDqlZAngyAY:/Rz2ziE

    Score
    1/10
    behavioral2

    • Target

      RAM.exe

    • Size

      651KB

    • MD5

      7cee4e8c43b5c92d57a3d809559c92e0

    • SHA1

      7e6a7013b0d027d58611f2cd6f461f18155ca34a

    • SHA256

      3e93ec5cc0224e1f7c4d6eaa6a34a333526058d622a5466bbcf833f3a1ce625f

    • SHA512

      6216619de06fd7f0e5adde4a4c8860862c265d8a9f70a077656add39a4b5eb1d87325a4d3bb579e0780a5423240356616ecb385b8b5575c09c8c79781aa445d1

    • SSDEEP

      3072:kQJHVdFgIW9mYucJ/OD8JVsIl3rLIr67G2E1:5H7FG9mpcJ/OD8qrn

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3

    • Target

      RAM_Data/Plugins/x86_64/KS_Diagnostics_Process.dll

    • Size

      4.9MB

    • MD5

      9ffd4b950fef075cdc7059c0c7a7c202

    • SHA1

      b043a1d763b6fd943bd5ffd3526566105b34c9f9

    • SHA256

      7f3a6750ad394103070c8370b4b3b96ff93dc7a2a7da543f60b3029f6a73fa8a

    • SHA512

      a2dcbb96007c4e176da08ad92b5b14713abdcbc6007bb856297b6d926e16de1d81fc05b3f6a3d0749c07d7a3ad8f57ee011d3baa0b10e05f001de5d4d92356a5

    • SSDEEP

      49152:ZIW2dGyJkJUkjvR3SGa2MV/b2ecedRIRPCW3+fJI6F38984JFynbdyO+BvjP:7O0iMMVHdRIRPCSghnbdyO+xP

    Score
    1/10
    behavioral4

    • Target

      RAM_Data/Plugins/x86_64/lib_burst_generated.dll

    • Size

      88KB

    • MD5

      58a8dbb61ea3ef9b84cdcf014d3afa7d

    • SHA1

      b5e0f2fb0ea96602e685e78c3cef52fa6711a121

    • SHA256

      eaaaa55a48824983fb40d123700e334b37920b9f6f8c734b671b98ad74e0cc8b

    • SHA512

      e0fdc8d99a55c5edffa8230e47c7224885bef8b67715c95bb8c24dc18196b21d831ddb173c18081ff5935e33b415f122c88ad37527f9a37b6097636b2c6fa991

    • SSDEEP

      1536:+tr1GSuE8nkC87LdySNBmCQzbOC7y3m8jdVDg9cZ+RmsEna93cWwl8:gMSuzylTVInXRpEnk3cWw2

    Score
    1/10
    behavioral5

    • Target

      RAM_Data/Resources/unity default resources

    • Size

      5.6MB

    • MD5

      7c01efd7e459bcf10e9234d9704f3de3

    • SHA1

      3a5157f78b8faa92de52e11d9c44b1e2a5e426e2

    • SHA256

      4a9ef565a53250a65e76eec73367e1bdcd0bed7cc58f8df19c4ad46c6e033039

    • SHA512

      0aa60e099b5c0811f2fda708ddf091c741c14a6cc3a1e9fd6a8cd8c360e7168d5b1ff9f3d5257798f0292b582ca8c617968efb393449a3f1035a3da3be4b777b

    • SSDEEP

      12288:bZBsd05vWGa5eUC+Ss6TpQtPOhEvOjdCTYUw:Z9aU0SBAJvAkT

    Score
    1/10
    behavioral6

    • Target

      RAM_Data/Resources/unity_builtin_extra

    • Size

      363KB

    • MD5

      5c1b6b54177d3b21f0674cf6d6b0b261

    • SHA1

      e7ca71fcecba7c406c4a8df5764e708fd023e9e3

    • SHA256

      0855cdc7649e8c7c979e9ba5583267b349996fe03c8aa5ecde777d59d4d3c132

    • SHA512

      884e7b9ba6f1afccfc4ee4724835c77675417854f588ac5adff26ae688e58e518b008ed26615000d757d8de2b22915b87bd372c4a92b631be070de1b662fe314

    • SSDEEP

      3072:ljipDxxNPZ9B13b/fDPolc6ko3Hi7rL2l:ljiZxxVP/fDPkJ3C7ml

    Score
    1/10
    behavioral7

    • Target

      RAM_Data/RuntimeInitializeOnLoads.json

    • Size

      700B

    • MD5

      d2579a071fb2371024bc3689fc8e82a3

    • SHA1

      598625b1377b0a9580d2ae1bf0df3230d8662073

    • SHA256

      1f24ac55efc1eca154804c4c4c5b10b13ea8064b2203cd502d715b0da083fc82

    • SHA512

      3f2ca4800b8aed29d574ed9ebdfe6b0648b9dbdeb6b962812c06fe17ff8170303e7d0e29ecb6947d34cdc1bc5f9e2c6711d1119669e6955f30c80b953430afc6

    Score
    3/10
    behavioral8

    • Target

      RAM_Data/ScriptingAssemblies.json

    • Size

      3KB

    • MD5

      c4493529b0156b989b98a5a1e4b9bcea

    • SHA1

      c5568c01a20e7464a89b42950612757d0e817278

    • SHA256

      93946d270caa5b8b4d40bd92719ff26d1008f72d5df51f95567099b359c068bf

    • SHA512

      7ad7642ba627520f0ab4c06893ead8f2f1edf7111bca3ef110a0493c895e252626b61a0b4c766b82545febbab42592917901fc283e55a83d50edbbdf98e1ef2c

    Score
    3/10
    behavioral9

    • Target

      RAM_Data/app.info

    • Size

      7B

    • MD5

      c4c05c9397b3c281c0c0c333d1c594de

    • SHA1

      7b192dde8197a85f54950d23a5b33fa842661983

    • SHA256

      bb1d6ace9d0382a60c019c8c9f9dcb7adc5338a01d252b9b7201f72064672ed2

    • SHA512

      231dfc47cc6a3c735318cb154ff31a96908c39df4a9626a967a287aaeedaf4d501fb6c50edbfd12f05ac6a32913540f94a6d0d8f33c48123bd392cc5b97e58de

    Score
    3/10
    behavioral10

    • Target

      RAM_Data/boot.config

    • Size

      134B

    • MD5

      907ed48ee399ff6b9343f7c9a83cfaf5

    • SHA1

      84cc39533172e4b658e886578e0be733a35b80a2

    • SHA256

      88bd9f6c0a46984270f62263a06df343f6a8d10b3e6a27f59b3786237ece6c5d

    • SHA512

      269d44963d248caa9325ea6ae64233f1cb8c3a221500d52c33571c56a72b0531d74193da96197aea460acb46c893cbf28a25dcfe5c23e8c3eadff9f3d820b2b3

    Score
    3/10
    behavioral11

    • Target

      RAM_Data/globalgamemanagers

    • Size

      73KB

    • MD5

      17474d5bd22680798402921a46a0b7ac

    • SHA1

      64f9dd8ce64f300d210f4466f1383aca1cd60658

    • SHA256

      ff0ad994a49e75b4b8d8e752561670fd2609970af0d952530066fe165e6abeed

    • SHA512

      8947e4a77177b3e51da964c68571bdc3fb9fc7ffb339a102e6ab55e1eb160b48f1ef67acc8d908194948a3c4f5e0b61388b7f0a4b44bf9d9bf3e973ffa23691d

    • SSDEEP

      1536:HhrkuCLSTuM85ymhKor+ic4KhYZRwzXBva8:eZRhyiX4YZK1va8

    Score
    1/10
    behavioral12

    • Target

      RAM_Data/globalgamemanagers.assets

    • Size

      165KB

    • MD5

      b6fcc0097e5f9546f2b19aee93f5bc74

    • SHA1

      aa138e0c85ef4dbffb6ef310b51004ce9f2f110c

    • SHA256

      44144c265ed1022900987eee70d9ae8179b4069f375c3833c78c2a95bb6aa938

    • SHA512

      d5881ae74426dc8c651d458ca61740b903e0bb4b8680348e0f1bfd113ce76ea4b242f454bf026ca99620cdce942cb413a845860bd9afa97a1741605282b26f0d

    • SSDEEP

      1536:ViysoRKZOsV35jPeBzG7Tjnmy9jdcxib13gWzUuIVWmY5p:VfJsV5PeBoTLmsgzVWmY5

    Score
    3/10
    behavioral13

    • Target

      RAM_Data/globalgamemanagers.assets.resS

    • Size

      2.7MB

    • MD5

      7423e95b309c209a70c3b8112f61d473

    • SHA1

      8c8d65e4df4f89c0fa77b5ba6a8ec737113ef592

    • SHA256

      39dd38fcd8dd95d41d6d55fe16a448d29fe2c31d9a162c825c24c6d99a893d7a

    • SHA512

      617856a9aff5b357085a59ffc6bfd8a107a48ee22849ee190bdc1e81e1bdf9d9be9fb1fdaa5edd89b65ce1fc63a5525731f6526b14379b72c5396fd202d772aa

    • SSDEEP

      1536:8nCugW37Qc/WRI5YYt3I/cTj3PzZxwWDPoAw5LoWi:4UW3stRLuxv3PQQQAJ

    Score
    3/10
    behavioral14

    • Target

      RAM_Data/il2cpp_data/Metadata/global-metadata.dat

    • Size

      5.3MB

    • MD5

      f5aca820c094dbffd211a7434214ca05

    • SHA1

      c0651b22cd6707d26180152c52828156da888bab

    • SHA256

      85f28068fefa457ce6f6e5c91cef44598f0e51730a1c66fe8be0e28551155569

    • SHA512

      1873027771c955011da12d30d37442e80fcc8474a32bde592b63541c4351298d3ace6841d61be066a563dd805ffa502a7e3618d29e1928dd04a957040016b1c8

    • SSDEEP

      49152:JkSyJpFOjriJJze72vEJP6yXk4JVGxflE2o3KBeQh1KuT:xrSTvEPXkB9AKLDKA

    Score
    3/10
    behavioral15

    • Target

      RAM_Data/il2cpp_data/Resources/mscorlib.dll-resources.dat

    • Size

      329KB

    • MD5

      21d06dbc8af6432b2b49536ed30609af

    • SHA1

      11a1c0e2ab2f8c06fe4507535ed47e0dd279a60d

    • SHA256

      c5baa176a5b72cd545266340e42102d393a5e43d38c95796bc828918bb95277f

    • SHA512

      2971f54eaa14c3ce6e2352e5a1aea5b044f0894bf4eac92de8cd92515b6473b5ca56ebfcad4369a9d4935cbefea2540a83f332fd4d832c37768310e8776ceb5e

    • SSDEEP

      3072:c5j+evAPQ48RhHkXKSmLZsumnWpevI1kMqXkD3by+BEL:crvS8rHXSmJmnjvXkSr

    Score
    3/10
    behavioral16

    • Target

      RAM_Data/level0

    • Size

      21KB

    • MD5

      c2ff76efd63d54d4e1f6efd262e81ab0

    • SHA1

      f17e3826081c38a3fb399d97a1d65d25fc8bf836

    • SHA256

      3ba209fd26ca3f31260462816879dd9d3fd4f939d07a4b5b93f268fc12444e0a

    • SHA512

      25c4d3d18da551c96539c55c8cf36f49d663428fa06fa2ee53416210bdf4939da522c01ccac513c1f79f5d88bd222324396e3b707220669c8266721e694f10fb

    • SSDEEP

      96:UPDKDZyq7Zp4YrUKeaAFbP6RIn2WqE4xj7i944M8C/kHlEKbE6dQ20jF+D0jS+4X:UWn+FbPd2WIxvFyJvNkzKe99SMUTj9

    Score
    1/10
    behavioral17

    • Target

      RAM_Data/sharedassets0.assets

    • Size

      50KB

    • MD5

      9bad58033d9907e5af616424f5a90e80

    • SHA1

      4a5067e490849454eca116df0e623a414492145a

    • SHA256

      8ada32ace04c773ab89cd0dfd152e51fdebbc765fac928782dec830c171f563b

    • SHA512

      fec43dc0407a6461cde0c7117e18a379379fe6b8c920c76dc5a3889963ca44e34d0c947f2a9887fd2c8e0a7fef33f4ffa6c120216101a658bb1f54b0583bab33

    • SSDEEP

      192:84bvfYSyHC7owL4b6+LEtCWPaTfbuufI4l:JwrHC7owL4O+LEMJdl

    Score
    3/10
    behavioral18

    • Target

      RAM_Data/sharedassets0.assets.resS

    • Size

      65.7MB

    • MD5

      764dad76653d445cf25cd0dfacd20c62

    • SHA1

      966449f7ecfd0e2926559af3d1769886999a5665

    • SHA256

      40c23970a3ae8b4ce50447b2bfa6061f3ab676788c13ec47c6fa07bbdc5cecfa

    • SHA512

      46a3a94ae20902f41ffb1b5bf97e1e6ffd17cc714ed10a3a192ddf3af41a901bed6a7230bb8ef24e073946c98a72ccc4936efe4ac81cf1cd32acb189717be4d4

    • SSDEEP

      98304:S1yfOke1432HwWjoHq4DGCBwqAfiidCKJcFGgaD0Yu05KCahZdinCjfuN:TWrgYRjoH/3Pm/KGgaD0Yu05zwZUnCz

    Score
    3/10
    behavioral19

    • Target

      UnityCrashHandler64.exe

    • Size

      1.1MB

    • MD5

      050c4bb0ff06d89b52af110c2ada1a55

    • SHA1

      73c5768852d7440e31194891054407ee447dcf5b

    • SHA256

      b31f519dcfacd529695a0cc710850b31ef41ab8ab5996b2edb84d97926901918

    • SHA512

      34411c03dac23e5660e8dfa98b4d51dc281c1e8fdaab5303a39269504c9034a89f2110fe5417893feb674aaf16275b980ee27f7d4e0322780a6611000f319298

    • SSDEEP

      12288:skrEdtytWENGu+ptlkekTbkXepg8sTJqT64ux3C1AboWorqZZaiQfz2fzAS:skrEdtytLNJOtlOHsTJqaSibq0gz+zAS

    Score
    1/10
    behavioral20

    • Target

      UnityPlayer.dll

    • Size

      28.6MB

    • MD5

      8b939ab1dfa3dab667623b1e4d5cc4b2

    • SHA1

      fdb1921c1123df7f25007253d65e2d1d8ab9403d

    • SHA256

      a881850d83b247575921a91f98a962ac91eb5f1b3c9622ccc1851cb35945e201

    • SHA512

      1e874c47b33b5560fbae0142eba7f98520a6119326093a569657ef23a98a6b49d0f3b3bd5aea7b397a721df061bdf4b981e7fd28bdecd85cf79a6690977347a6

    • SSDEEP

      393216:C4/5CVR2KpqiFPaRoQlgnx3SVjlmiaxOhlllxcd+dciF4b8czkVn:CqoQynclmg/0bzkB

    Score
    1/10
    behavioral21

    • Target

      baselib.dll

    • Size

      409KB

    • MD5

      da596aeb484d88ff32afba58b10fb704

    • SHA1

      2d8470f26a723e5c79735bf782a1e6420090e0bc

    • SHA256

      b5e1148dffaebc91b997fbb8727fbfebd90a1e7d28b23f95c35ca54940f26a14

    • SHA512

      7ca3f60aca2bd7b33a0acd25dcb52beb7b77e569392dacf5ff57503628e741d42f13c4d34991a4ead1cbf9bbafe25ebba7152055cfa15b4ac56a0115ad984d3a

    • SSDEEP

      6144:hHdA6HG+G5c2xGUGvojVM3eocrlf9dtpV921DmPeh0F6FFDMHWz:1dA6HGtimVVoc3pV921CWX

    Score
    1/10
    behavioral22

MITRE ATT&CK Enterprise v15

Tasks