Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6e72f7a643...cb.exe

windows7-x64

4

6e72f7a643...cb.exe

windows10-2004-x64

5

$PLUGINSDI...ne.dll

windows7-x64

1

$PLUGINSDI...ne.dll

windows10-2004-x64

1

$PLUGINSDI...ip.dll

windows7-x64

1

$PLUGINSDI...ip.dll

windows10-2004-x64

1

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...on.dll

windows7-x64

1

$PLUGINSDI...on.dll

windows10-2004-x64

1

$PLUGINSDI...er.exe

windows7-x64

4

$PLUGINSDI...er.exe

windows10-2004-x64

5

$PLUGINSDI...ls.dll

windows7-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

1

$PLUGINSDI...en.dll

windows7-x64

1

$PLUGINSDI...en.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...p.html

windows7-x64

1

$PLUGINSDI...p.html

windows10-2004-x64

1

$PLUGINSDI...x.html

windows7-x64

1

$PLUGINSDI...x.html

windows10-2004-x64

1

$PLUGINSDI...app.js

windows7-x64

1

$PLUGINSDI...app.js

windows10-2004-x64

1

$PLUGINSDI...uts.js

windows7-x64

1

$PLUGINSDI...uts.js

windows10-2004-x64

1

$PLUGINSDI...dle.js

windows7-x64

1

$PLUGINSDI...dle.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e72f7a643a9e32b5fcfe91da5231ccb.bin

  • Size

    2.1MB

  • Sample

    240213-czemeacc87

  • MD5

    6e72f7a643a9e32b5fcfe91da5231ccb

  • SHA1

    b60779302c72f0c2a3dc875b9d9f55e773f39bd4

  • SHA256

    c5d72882d52181b2d08d2effd354b51042aade239139780a6dd0bcfd62fd6752

  • SHA512

    b8aedf4dcf8ee6067a25e0ab0c8abcf28a9a3b33597f2cbb153adc9e772159f4e92b24ba701d61b8d3016e7bac47eb5c8e1abbcade515df8283fdc39c636ca98

  • SSDEEP

    49152:COB2qRxE87vxpsrFpIvVziaEszYMNHzCcm:Co2qTPN+TIv5pEZh

Score
7/10
persistenceupx

Malware Config

Targets

    • Target

      6e72f7a643a9e32b5fcfe91da5231ccb.bin

    • Size

      2.1MB

    • MD5

      6e72f7a643a9e32b5fcfe91da5231ccb

    • SHA1

      b60779302c72f0c2a3dc875b9d9f55e773f39bd4

    • SHA256

      c5d72882d52181b2d08d2effd354b51042aade239139780a6dd0bcfd62fd6752

    • SHA512

      b8aedf4dcf8ee6067a25e0ab0c8abcf28a9a3b33597f2cbb153adc9e772159f4e92b24ba701d61b8d3016e7bac47eb5c8e1abbcade515df8283fdc39c636ca98

    • SSDEEP

      49152:COB2qRxE87vxpsrFpIvVziaEszYMNHzCcm:Co2qTPN+TIv5pEZh

    Score
    5/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/CommandLine.dll

    • Size

      68KB

    • MD5

      12087fa219501ee5ed041c2dc499be9e

    • SHA1

      f10561d3fef821f0e5a479a6b2aa746c74a823cc

    • SHA256

      3abc067dff4a0f5a7f5a0607e512ce8b8e8880f1ef9bc7f8031342dca6a970f6

    • SHA512

      f63c0c9757ce99984be94b22a2ebfefccaba8fafa0ac914184ab83b097d0f23b24938179ecf95f96f87b06f1b3e0f9e2c9e3b4a78b618ac658ec28703b7c7613

    • SSDEEP

      1536:vZj9JT17qpL/6ePMqBNzrstoJSkrjbgbwzis3hwb7PK3h0lS:vx9JT17WPMqBNWAkbwzi7bdlS

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/DotNetZip.dll

    • Size

      467KB

    • MD5

      190e712f2e3b065ba3d5f63cb9b7725e

    • SHA1

      75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12

    • SHA256

      6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f

    • SHA512

      2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02

    • SSDEEP

      6144:GuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/Wo0k:UQL32ikCaUS4csRBse6sfWNk

    Score
    1/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      24KB

    • MD5

      640bff73a5f8e37b202d911e4749b2e9

    • SHA1

      9588dd7561ab7de3bca392b084bec91f3521c879

    • SHA256

      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    • SHA512

      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    • SSDEEP

      384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll

    • Size

      124KB

    • MD5

      20a07b7ae9e57e7a10cde3f3f356b502

    • SHA1

      27b1c4af8ee587b62956d8170f7beec57d011e28

    • SHA256

      c125e8ffef7a3fa810f3335a445e7067a1d85698767b89910421a8eafe25873e

    • SHA512

      703a16ecc4f4894fb1c92d7d6ccca1e104cf7ddbd11a20acbffa677177db3b53640f0624fc95809babb1725eb5ea657bc4b9e17393021318cd5d7ed087777eea

    • SSDEEP

      3072:MBCeNh/pcfnLq3wyXYsKRNRwxz+gT37teucRpH0dah:MB/w4xQWOHh

    Score
    1/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/Newtonsoft.Json.dll

    • Size

      692KB

    • MD5

      98cbb64f074dc600b23a2ee1a0f46448

    • SHA1

      c5e5ec666eeb51ec15d69d27685fe50148893e34

    • SHA256

      7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

    • SHA512

      eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

    • SSDEEP

      12288:p9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3SH:p8m657w6ZBLmkitKqBCjC0PDgM5CH

    Score
    1/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/OWInstaller.exe

    • Size

      297KB

    • MD5

      cb0fdec0351bd03406e5c9b09840fa46

    • SHA1

      590d08d87583dbf3d96633e8805d9113ae7639bc

    • SHA256

      178c77481ea427cc4c61a65c7c01c8c22bdd2652d73111ad7cac733375c6a2cc

    • SHA512

      961fc5de32ef8e309e94a78471f48d37291334508d15d515e53623e94deb50ac4899ea36ba9688d15a2ffa1e755a51de9e2e1f9e3e2716a29778c0fe33ef3c63

    • SSDEEP

      6144:3M4vsZuOH4vfyMwvQwEPUI7V09b4qoSIm9t06232IL9plahcv:3M4vsYO3EPrJkoSN0TLl

    Score
    5/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral13behavioral14

    • Target

      $PLUGINSDIR/OverWolf.Client.CommonUtils.dll

    • Size

      620KB

    • MD5

      f0a52c90e48a852cf8c09a05779d12b2

    • SHA1

      2bc06f825be32d0e7f80be679b44f4398528ac63

    • SHA256

      98cba46ac87d97546c13ed2ff7dc2ee14666f6f343d20bf3af42635dfd573935

    • SHA512

      75f38ec268d9e0c7084478c2c39f399fcf50f48185e30803b2699590d7919f224d3e8bb8cce3a1b1ef82c239865336f2aec12690f6591f5c960f57484905ab1b

    • SSDEEP

      6144:mrfjuCGVVdZ17jYh8vdTzfhw3mXcSxpaVDtojdUH7Hl7Ib8fYtjQikzOulz2wada:m7j6z17jG8vdxb/xYtoRU/sjk7lb2TG

    Score
    1/10
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/SharpRaven.dll

    • Size

      80KB

    • MD5

      aa0a5c9e1dfdedc639fd64771bdea1f2

    • SHA1

      7cd2568da1140d3b1886728f665014a276ff7eda

    • SHA256

      00401aed01c20d0d04ceb51b3519362c078816de475fdc8ef168218db015e7e3

    • SHA512

      612b86b47df10547111ad920f16bda49aa4e0666fd49791fb8441bc1dc0f19289f93676b3ba6b4e9b038f60d988b5b2f16fc1a4f3c552e73541d32f9154175a8

    • SSDEEP

      1536:va9qjviI1YjOrfRK9bvyyfpHbnzDwkN7PT3h/6:vEuqI1lRKbvyyB7nlNp6

    Score
    1/10
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      7399323923e3946fe9140132ac388132

    • SHA1

      728257d06c452449b1241769b459f091aabcffc5

    • SHA256

      5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

    • SHA512

      d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

    • SSDEEP

      192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP

    Score
    3/10
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      9301577ff4d229347fe33259b43ef3b2

    • SHA1

      5e39eb4f99920005a4b2303c8089d77f589c133d

    • SHA256

      090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

    • SHA512

      77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

    Score
    3/10
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/app/cmp.html

    • Size

      5KB

    • MD5

      d7b8b31b190e552677589cfd4cbb5d8e

    • SHA1

      09ffb3c63991d5c932c819393de489268bd3ab88

    • SHA256

      6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

    • SHA512

      32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

    • SSDEEP

      48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG

    Score
    1/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/app/index.html

    • Size

      20KB

    • MD5

      2822a4d01b4f0d0299207626845c6ce2

    • SHA1

      a02ca32d5eb26ea382692acf4973dbc3b230dfd0

    • SHA256

      1f16a65e36c0ee3ec05c4478b12552e89b5ab5cb4863e69823912ee6c429161b

    • SHA512

      9f8fd6a8f8a6c915a3c826b66cdf6d5e49a920c5cff9f71ce09d9f8009177a8a9ace886920575b5d14dfca2d6a0f275851162d6b206aa65cfb75bba94e86571e

    • SSDEEP

      192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8G:+WNaM8UnbjPkZ9+mppH3

    Score
    1/10
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/app/js/app.js

    • Size

      22KB

    • MD5

      715d53e963a034a3721aee76d1c4e8f6

    • SHA1

      4643837ab7d2249fbda6ed23d025ef738cfa6317

    • SHA256

      5b8ab6d562e131159c89eebfc2f665a4a496c8621ef34efcabf7b0a9e1e85b1c

    • SHA512

      15018563724d17dd22c38daa51c8208286f81e8eea6784ff70f46d81cb3385635b688ccd775734f0e4bfd086189c5db721f2bb76daee4e6d6aad02075e44dee7

    • SSDEEP

      384:4X+acDQFcljKdZGb9plmt902wjI3A4vnzwF52xxYRifG6wXR3FGHWdMxj8T:0+acDQ+lOdEbdmXH3A4vnzIAnGifG1X9

    Score
    1/10
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/app/js/block_inputs.js

    • Size

      789B

    • MD5

      b5b52c92b90f4283a761cb8a40860c75

    • SHA1

      7212e7e566795017e179e7b9c9bf223b0cdb9ec2

    • SHA256

      f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

    • SHA512

      16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

    Score
    1/10
    behavioral29behavioral30

    • Target

      $PLUGINSDIR/app/js/libs/cmp.bundle.js

    • Size

      324KB

    • MD5

      1de143ca1babd3c02744f478c8c05c5f

    • SHA1

      ac918b3d2d5f9cbd9e3b3f5e075ce3c96eec16b3

    • SHA256

      7fbc3a088ec303143109e0c1b2c04f4c5a6e450a2d6f3071fefb66e92f643ea0

    • SHA512

      6e419e11f35a3258124127970961907ed8fe0619f618a4c15542ee7f8a01a9f4a7af4d290b634444d21b823ca1afea65f97d5788fff6665d55c2231214edff24

    • SSDEEP

      3072:LWYyrzt6yrtky1UDtDkNdAOoSPGYTckZtVPuuXheQ:oF6yrKD5kNYYTcIp

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

Score
4/10

behavioral2

persistence
Score
5/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
4/10

behavioral14

persistence
Score
5/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10