General
Target: 4_npp.8.6.portable.x64.zip
Size: 8.1MB
Sample: 240215-zgk3ssgf58
MD5: f02194a9b940dc9dcbae68ea86e5b766
SHA1: 73f6102d53637c3cfafb3262133684c9369fef7c
SHA256: e4ac8bb0302535061a238b09e6e3a7ca14300439bfa72608a580987702ee8552
SHA512: 8eb323d56dda5bb240a61bc833bff7103f5abfb45cbf0ec67a185aa1d1d293cb84bb9228b44e1bf4492460a6449b1155df93d444d7256eff9925ea9318d55bdb
SSDEEP: 196608:7TkWKqkGTSOwUD4LDqIwOnburMbf/PHU7rafMsax9WRO:7Tkb9OwLqlOpf3Uyf2x9WRO
Static task: static1
Behavioral task: behavioral1
  Sample: npp.8.6.portable.x64/contextModel.exe
  Resource: win10v2004-20231222-en
Behavioral task: behavioral2
  Sample: npp.8.6.portable.x64/notepad.exe
  Resource: win10v2004-20231215-en
Behavioral task: behavioral3
  Sample: npp.8.6.portable.x64/updater/GUP.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: wikiloader
https://miguelkhoury.com/web/wp-content/themes/twentytwenty/ayboiw.php?id=1
https://mesabierta.org/wp-content/themes/twentytwenty/nhdxtk.php?id=1
https://mediterraneaclean.com/wp-content/themes/twentythirteen/hcslmt.php?id=1
https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1
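The four URLs above are the loader's configured command-and-control endpoints. As an added example (not from Triage and not the sample's own code), the following Python matches proxy log lines against them. The exact URLs are the report's; the Squid-style access.log lines are constructed, and the looser path pattern (a six-character lowercase .php file under a WordPress theme directory with an id=<n> query) is this block's own generalisation of the four listed URLs, not something the report states.

```python
# Added example: match outbound proxy traffic against the WikiLoader C2 URLs
# extracted above. Not part of the Triage report; the log lines are constructed.
import re
from urllib.parse import urlsplit

# Exact C2 URLs from the report's Malware Config section.
WIKILOADER_C2 = {
    "https://miguelkhoury.com/web/wp-content/themes/twentytwenty/ayboiw.php?id=1",
    "https://mesabierta.org/wp-content/themes/twentytwentyone/nhdxtk.php?id=1",
    "https://mediterraneaclean.com/wp-content/themes/twentythirteen/hcslmt.php?id=1",
    "https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1",
}

# Assumption (this block's generalisation, not stated in the report): every listed
# URL is a six-character lowercase PHP file under a WordPress theme directory with
# an "id=<n>" query, so a rotated filename on the same host is still worth flagging.
C2_PATH_RE = re.compile(r"^/(?:[^/]+/)*wp-content/themes/[^/]+/[a-z0-9]{6}\.php$")
C2_QUERY_RE = re.compile(r"^id=\d+$")


def normalise(url):
    """Split an absolute URL into (lower-cased host, path, query)."""
    parts = urlsplit(url.strip())
    return parts.netloc.lower(), parts.path, parts.query


KNOWN = {normalise(u) for u in WIKILOADER_C2}
KNOWN_HOSTS = {host for host, _, _ in KNOWN}


def classify(url):
    """Return 'exact', 'pattern', 'host' or None for one URL field of a proxy log.

    'host' covers CONNECT entries: without TLS interception only host:port is
    visible, so the path cannot be checked and the host alone is the indicator.
    """
    if "://" not in url:
        host = url.rsplit(":", 1)[0].lower()
        return "host" if host in KNOWN_HOSTS else None
    host, path, query = normalise(url)
    if (host, path, query) in KNOWN:
        return "exact"
    if host in KNOWN_HOSTS and C2_PATH_RE.match(path) and C2_QUERY_RE.match(query):
        return "pattern"
    return None


# Constructed Squid-style access.log lines (not real traffic):
# time elapsed client code/status bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1708000001.123 45 10.0.0.5 TCP_TUNNEL/200 512 GET https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1 - HIER_DIRECT/203.0.113.10 text/html
1708000002.456 12 10.0.0.7 TCP_MISS/200 4096 GET https://example.com/index.html - HIER_DIRECT/203.0.113.20 text/html
1708000003.789 30 10.0.0.5 TCP_MISS/200 600 GET https://mesabierta.org/wp-content/themes/twentytwentyone/qwerty.php?id=2 - HIER_DIRECT/203.0.113.30 text/html
1708000004.012 900 10.0.0.9 TCP_TUNNEL/200 9000 CONNECT mediterraneaclean.com:443 - HIER_DIRECT/203.0.113.40 -
1708000005.345 8 10.0.0.5 TCP_HIT/200 2048 GET https://miguelkhoury.com/web/wp-content/themes/twentytwenty/style.css - HIER_NONE/- text/css
"""


def scan_log(text):
    """Return [(line_no, verdict, client_ip, url)] for every flagged line."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue
        verdict = classify(fields[6])
        if verdict:
            hits.append((line_no, verdict, fields[2], fields[6]))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)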
Targets

Target: npp.8.6.portable.x64/contextModel.html
Size: 2.6MB
MD5: 8f28087d8d0e716368314c2f1a159280
SHA1: 7e383ae0f632c02ef98168b6c1a33fd449d6c393
SHA256: 0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046
SHA512: aa21ab18a12a69ff25b24b1c255b0bdc7961985150b07a7f3f4b0909e212295bd781548cd8ea817f3144dfad845aff93df40a513bdb637db7b89bb08fff01eab
SSDEEP: 49152:C+sGc1TASKVbmYIBotpg0TunuNeeigv0XIMw4h2pk4PxKS5VinRfepLm7j5:WTAfVbwotpgruNeW0VHhL3S5VicLaj5
Score: 1/10

Target: npp.8.6.portable.x64/notepad.exe
Size: 6.8MB
MD5: ae07a5be89978600f3094c66ac719eb2
SHA1: a281e662b6d1cca0d54cab01a0064b62e7f1f103
SHA256: 746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310
SHA512: d90f42fb42cf2f5f3ca8d25603666a5b73f11fcc3404597b1c023768cf21083abe0d2b19f3ae2499fba469474e818200ca9937b48ee5406f15bd6f9ea3996151
SSDEEP: 49152:MuX8nT7KkzbaJ/I1ER5S/qlC1VQHqpyhdRoMSoAMMho/WVEK7yToMoK2w74CS5hg:5/ICR5wPy+elgIXoGJUR6eP4mTr/moG
Score: 10/10
Signatures:
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
- Suspicious use of NtCreateThreadExHideFromDebugger
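The three signatures on the bundled notepad.exe are the reason for the 10/10 score. As an added example (not the sandbox's own signature logic), the following Python re-derives them from an API-call trace: a file-system call on the root of a drive other than C:, a registry write under the Active Setup "Installed Components" key (this block's reading of the signature name), and an NtCreateThreadEx call whose CreateFlags carry THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4). The trace events and their {"pid", "api", "args"} schema are constructed for the example, not taken from the Triage run.

```python
# Added example: re-derive the three behavioural signatures Triage reports for
# notepad.exe from an API-call trace. Not the sandbox's own signature code; the
# events below are constructed and their schema is this block's own assumption.
import re

# THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, passed in NtCreateThreadEx's CreateFlags.
HIDE_FROM_DEBUGGER = 0x00000004

# Assumption: "Installed Components" means the Active Setup persistence key.
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\", re.IGNORECASE)

# A bare drive root, optionally in \\?\ form, optionally with a wildcard: D:\ or \\?\E:\*
DRIVE_ROOT_RE = re.compile(r"^(?:\\\\\?\\)?([A-Za-z]):\\\*?$")

FILE_APIS = {"CreateFileW", "NtCreateFile", "NtOpenFile", "GetVolumeInformationW",
             "GetDriveTypeW", "FindFirstFileW"}
REG_WRITE_APIS = {"RegSetValueExW", "RegCreateKeyExW", "NtSetValueKey"}


def non_c_drive_root(path):
    """Return the drive letter if `path` is the root of a drive other than C:, else None."""
    m = DRIVE_ROOT_RE.match(path or "")
    if m and m.group(1).upper() != "C":
        return m.group(1).upper()
    return None


def match_signatures(events):
    """Map each signature name to the evidence lines that triggered it; silent ones are dropped."""
    hits = {
        "enumerates_connected_drives": [],
        "modifies_installed_components": [],
        "hide_thread_from_debugger": [],
    }
    for ev in events:
        api, args = ev.get("api"), ev.get("args", {})
        if api in FILE_APIS:
            letter = non_c_drive_root(args.get("path"))
            if letter:
                hits["enumerates_connected_drives"].append(f"{api} {letter}:\\")
        elif api in REG_WRITE_APIS and ACTIVE_SETUP_RE.search(args.get("key", "")):
            hits["modifies_installed_components"].append(f"{api} {args['key']}")
        elif api == "NtCreateThreadEx":
            flags = int(args.get("flags", 0))
            if flags & HIDE_FROM_DEBUGGER:
                hits["hide_thread_from_debugger"].append(f"NtCreateThreadEx flags=0x{flags:x}")
    return {name: lines for name, lines in hits.items() if lines}


# Constructed trace for one process; values are illustrative, not from the sandbox run.
SAMPLE_TRACE = [
    {"pid": 1234, "api": "CreateFileW", "args": {"path": "C:\\Users\\user\\Desktop\\notepad.exe"}},
    {"pid": 1234, "api": "GetVolumeInformationW", "args": {"path": "C:\\"}},
    {"pid": 1234, "api": "GetVolumeInformationW", "args": {"path": "D:\\"}},
    {"pid": 1234, "api": "FindFirstFileW", "args": {"path": "\\\\?\\E:\\*"}},
    {"pid": 1234, "api": "RegSetValueExW",
     "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{example-guid}",
              "value": "StubPath"}},
    {"pid": 1234, "api": "NtCreateThreadEx", "args": {"flags": 0x4, "start": "0x401000"}},
    {"pid": 1234, "api": "NtCreateThreadEx", "args": {"flags": 0x0, "start": "0x402000"}},
]

if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE).items():
        print(name, evidence)
```

The drive check deliberately ignores C:\ and any deeper path, so ordinary file opens do not trip it; the thread check keys on the flag bit rather than the API name, since a normal NtCreateThreadEx call with flags 0 is unremarkable.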

Target: npp.8.6.portable.x64/updater/GUP.exe
Size: 818KB
MD5: e9be0bc06725c372140838245805dc66
SHA1: 6eafbbefe6d2b5b6c8fc39dac54881b5f2e61735
SHA256: 8038960c66ec29e9ee0f027491c8349a158025faee39d069219b5a3297134197
SHA512: 14831f538f5afd80689db24f7536ef725b75ce235a1ccb7f6795440819461d038cede5beeebd28ffbf9618ae984a0f347a9ffe4c0c10da7b914022174a1688e2
SSDEEP: 12288:KySK0M5qRxaBr5wFNbgpA0WUVzOR63AczZXBS3CNmBDIOh68ADKbp34zZZ6dNNoq:7qMo2aWqT2KbpIFZ6PNeTw
Score: 1/10
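The hashes in this report identify both the analysed archive and its three examined members. As an added example (not from Triage and not from the Notepad++ project), the following Python sweeps any zip for those member SHA256s by streaming each entry rather than extracting it, and checks the archive itself against the report's SHA256. The in-memory archives produced by build_zip() are constructed test data, and the per-member size cap is this block's own safeguard against oversized or bomb-like entries.

```python
# Added example: sweep a downloaded archive for the member hashes listed in this
# report without extracting it to disk. Not part of Triage; the archives built by
# build_zip() are constructed test data, not the analysed sample.
import hashlib
import io
import zipfile

# SHA256 of the analysed archive, from the General section.
REPORT_ARCHIVE_SHA256 = "e4ac8bb0302535061a238b09e6e3a7ca14300439bfa72608a580987702ee8552"

# SHA256 of each member the report analysed, keyed by its path inside the archive.
REPORT_MEMBER_SHA256 = {
    "npp.8.6.portable.x64/contextModel.html": "0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046",
    "npp.8.6.portable.x64/notepad.exe": "746bbdd8c754b0ac18a226d2a1cc68792c948033932f5723981a2b5f5684d310",
    "npp.8.6.portable.x64/updater/GUP.exe": "8038960c66ec29e9ee0f027491c8349a158025faee39d069219b5a3297134197",
}
IOC_HASHES = set(REPORT_MEMBER_SHA256.values())


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_member(zf, name, chunk=1 << 20):
    """Hash one member by streaming it; the decompressed file never touches disk."""
    h = hashlib.sha256()
    with zf.open(name) as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_zip(data, iocs=IOC_HASHES, max_member_bytes=256 << 20):
    """Return (hits, skipped): hits maps member path -> sha256 for members whose hash
    is in `iocs`; skipped lists members whose declared size exceeds the cap and were
    therefore not inflated (assumption: a safeguard this block adds, not the report's)."""
    hits, skipped = {}, []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_member_bytes:
                skipped.append(info.filename)
                continue
            digest = sha256_member(zf, info.filename)
            if digest in iocs:
                hits[info.filename] = digest
    return hits, skipped


def archive_matches_report(data):
    """True only if the whole archive is byte-for-byte the analysed sample."""
    return sha256_bytes(data) == REPORT_ARCHIVE_SHA256


def build_zip(members):
    """Constructed helper: build an in-memory zip from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("archive matches report:", archive_matches_report(blob))
    hits, skipped = sweep_zip(blob)
    for path, digest in hits.items():
        print("IOC hit:", path, digest)
    for path in skipped:
        print("skipped (over size cap):", path)
```

A repackaged copy with the same trojanised notepad.exe will fail the archive-level check but still hit on the member hash, which is why both checks are worth running. Nested archives are not recursed and the SSDEEP values are not used; a fuzzy-hash comparison would be the next step for a recompiled variant.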