Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
3x64 beta/A...ss.dll
windows7-x64
1x64 beta/A...ss.dll
windows10-2004-x64
1x64 beta/beta.exe
windows7-x64
7x64 beta/beta.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1beta.exe
windows7-x64
7beta.exe
windows10-2004-x64
7d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/elevate.exe
windows7-x64
1resources/elevate.exe
windows10-2004-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...GL.dll
windows10-2004-x64
1swiftshade...v2.dll
windows7-x64
1swiftshade...v2.dll
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...7z.dll
windows7-x64
3$PLUGINSDI...7z.dll
windows10-2004-x64
3x64 beta/d...h..bat
windows7-x64
8General
-
Target
x64 beta.zip
-
Size
168.7MB
-
Sample
240219-wtfr3aac5v
-
MD5
dd6c1b2995c77a00cda82abcd981f6ef
-
SHA1
74544b5c736b8544a6b76991f83a8de788dc32d2
-
SHA256
5dfa7816c521fa59c1e558ca48e39632257afa88b97b901160e2ff97ad63e681
-
SHA512
bddea2d267a46cff218270bfb890be1d6c94b9c83a86c24a4d87f6560706f84b4beb2bb57a90f39832870cc622d38bde47659c59dce6cc96b160fc9d81c4c287
-
SSDEEP
3145728:NkqcdhePd9JkGwazLJAZ1MrvNrrDe0/xcWFnn/0Wn4O7sgWBLXtMTpsAW3L:6XQd9ybazL+ZGVrDe0JTnn/0Wt7sgWZX
Static task
static1
Behavioral task
behavioral1
Sample
x64 beta/AntiBypass.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
x64 beta/AntiBypass.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
x64 beta/beta.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
x64 beta/beta.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
beta.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
beta.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
d3dcompiler_47.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral14
Sample
ffmpeg.dll
Resource
win7-20231215-en
Behavioral task
behavioral15
Sample
ffmpeg.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral16
Sample
libEGL.dll
Resource
win7-20231215-en
Behavioral task
behavioral17
Sample
libEGL.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral18
Sample
libGLESv2.dll
Resource
win7-20231215-en
Behavioral task
behavioral19
Sample
libGLESv2.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral20
Sample
resources/elevate.exe
Resource
win7-20231215-en
Behavioral task
behavioral21
Sample
resources/elevate.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral22
Sample
swiftshader/libEGL.dll
Resource
win7-20231215-en
Behavioral task
behavioral23
Sample
swiftshader/libEGL.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral24
Sample
swiftshader/libGLESv2.dll
Resource
win7-20231215-en
Behavioral task
behavioral25
Sample
swiftshader/libGLESv2.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral26
Sample
vk_swiftshader.dll
Resource
win7-20231215-en
Behavioral task
behavioral27
Sample
vk_swiftshader.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral28
Sample
vulkan-1.dll
Resource
win7-20231215-en
Behavioral task
behavioral29
Sample
vulkan-1.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20231215-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
x64 beta/AntiBypass.dll
-
Size
713KB
-
MD5
2a4a33f9d45a5aada45f81e91278afd7
-
SHA1
7cbf42cbf24219db0c97428a5099ba16cd88a415
-
SHA256
c4eabfee8166163d5b03661d6af42c50734b39feba45fe54cfff7b315570d4d0
-
SHA512
d6bf8eddaf83c2b5ce2d1a3e5a1666de22a370d468ecc9f0ef49b3e5e12eeabdb44315c71984135a24e9b53cd77b214d613aa00ce7cfeead5b6afb6d50a0e3c6
-
SSDEEP
12288:RqKd5JFifKBFtgzbBky8fI5nRYZsHaBEyFot2wAp+Nrda7ESLqlF3YeYsSSFvO:lgKBFt2ORfIfdHaBEyFoBAerkAr6PfS5
Score1/10 -
-
-
Target
x64 beta/beta.exe
-
Size
71.1MB
-
MD5
fd87d8504bff1dd114e6ab4612b3670d
-
SHA1
8b75489ddf95d5452ff48ec6324d4e585b4bb7c3
-
SHA256
49291064e6fc7fe3968d7f2208823fca919d13e77129160689cca788a1fe80f6
-
SHA512
d550f6ec0de45ef3aaca5bd0bb6d3f3870afc5759d7549d4a6714bf6c802d42dc5a4fed6bedd5d021475552e7bb785aaa8ee01c6e5721f6cc03b41707aaff89d
-
SSDEEP
1572864:54/4rzOchPh5FmfnPd5I+fC3QVkh8w61pdvQNuDJ7:+kqcdhePd9JkGwazLJ7
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
LICENSES.chromium.html
-
Size
5.2MB
-
MD5
df37c89638c65db9a4518b88e79350be
-
SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50
-
SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
-
SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
-
SSDEEP
12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS
Score1/10 -
-
-
Target
beta.exe
-
Size
139.5MB
-
MD5
809ca215de4598350eaeddb5a94ebbba
-
SHA1
caccfadb6b96dc6155696f6309c3ea492078bb5c
-
SHA256
0f702f8ac538e810649808f0d9b6000e1aa4360849633c0ed76ec36e2cfc8332
-
SHA512
1521a30cf760277a24ed1446d29eb71af297582ac2d8b4546a322ec9690a8094963a194d7f2fdec65e2e59673c8f912557182e673af8d46cd29bd20989cdae36
-
SSDEEP
786432:f14w5ThzHwQBgmoLWv+K18nCzKdo5DTdvfMQr6SSmPuvh8tSIW68:f14kpHwQjCWv+K18CedmVvEQEpcJW
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
d3dcompiler_47.dll
-
Size
4.3MB
-
MD5
7641e39b7da4077084d2afe7c31032e0
-
SHA1
2256644f69435ff2fee76deb04d918083960d1eb
-
SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
-
SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
-
SSDEEP
49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.6MB
-
MD5
c3842fb3087cdcdb04020ac38683c289
-
SHA1
329dbcd4a1c79b891b200f11eb50194b85c493bc
-
SHA256
e79792af338d61424bac87a19c6f34f3b4bc1382345633b8d509253a0a6c2133
-
SHA512
069196b8006e908954e7ab16131a0d10889a0f7517eaab2423a82fe49fb9b045c0d95dbf7c08c10ddf1a21983aea4a0d207decf91baacff0884511589a57dec5
-
SSDEEP
49152:JcMr6+FXptsXTmgP7he370olRK+KCKyRb+kyqVZWxX0b4unfruHw:RKer0olGyByEf8
Score1/10 -
-
-
Target
libEGL.dll
-
Size
437KB
-
MD5
8352fd22f09b873193cabc2932be92f0
-
SHA1
5bd2b58854b279f1733c5f54ea2669ee8a888d9e
-
SHA256
14a4aaa010be14762edfee01fd1f6b9943471eb7a2f9011a2b5c230461cd129c
-
SHA512
7281e980f2e82f1cc8173d9f8387a97f6e23ec5099ed8dca02222c4e17fa4cfef59d6aa300b1cf06d502bdcf77d9a6dbb08ad6658ae0a28ae6f9f995109da0d2
-
SSDEEP
6144:odpiWYLBViWOSdAr1Knk2mI3LpxE0RYqowpW6VmHrtff1FI:ipvYLbiWBqrQnPxE0cKmHZ3P
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
6.7MB
-
MD5
b6a433dc7b4030fb17bd1683a9606b6e
-
SHA1
0602c50532e3f13facc67bd95a048c470e88afcc
-
SHA256
f7ae57a1d7d3e284714ca354f5292aa9b75086489cbfba8b1f54548445b6b3e9
-
SHA512
b9ba2e20ec878e3acae93d8254e69374e391fd4a3d5c1833282c43896d123baa874f1088839f3bbcf05539eda0e2aeaef28d7742ab8e20ec788382501e2152b1
-
SSDEEP
49152:aYKj6OhH5vSqGZ/UUopyV+gsIm3H9VnT+EisbCQ12+Q6nUBnKJ/lwE2f9rgqFnka:CvSqGZaVoH9xz+TPYrijOxm
Score1/10 -
-
-
Target
resources/elevate.exe
-
Size
105KB
-
MD5
792b92c8ad13c46f27c7ced0810694df
-
SHA1
d8d449b92de20a57df722df46435ba4553ecc802
-
SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
-
SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
SSDEEP
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score1/10 -
-
-
Target
swiftshader/libEGL.dll
-
Size
450KB
-
MD5
19dc9ee70e7765bb63a66b6826e8ecb7
-
SHA1
1a12f983f8b35cc2955d30657971f113c47dc164
-
SHA256
83d5719abee35e051d984510e1d5d9317a109031698814742b59bdbbe7d4e30f
-
SHA512
1fda2bcc4b2e70987ca6011ab2534007ae4f752016d29a588aaae839bb25c35e03773f220b6a8e926cf2643997e7d4c0f28743304269b2c55642ce12934def68
-
SSDEEP
6144:gFzcMPKWOp0q29LDwK3p3KHvDstVpphcSGbwSi6DH0hl:g2WOOqiLDrthhcSGnc
Score1/10 -
-
-
Target
swiftshader/libGLESv2.dll
-
Size
3.0MB
-
MD5
c0b36d56d83e601bf246f7709a8c5f9d
-
SHA1
b025a6070f7d61c7d1827856d2d4043834fd23f2
-
SHA256
45bb5e1f8dd87129ac0a75c78f8f29d06e3ac182a00fc5199b692068f1e05a53
-
SHA512
e429ae63bd8a7d5a936a638783511693e8fbbc91d97779b3d4dd3f0880f1c8a820106bfb57cf7ee6b3639f19165de87bbe127aadd81218689fc6c8fada2106d1
-
SSDEEP
49152:D0mOy4fytPTlZQPF/IBCfG/owBx8iqQyehF3Hn0gPD2vzFW/GyCbZpjGKiqZ/nYI:DgfyjyeelZ/YNg/Yr
Score1/10 -
-
-
Target
vk_swiftshader.dll
-
Size
4.4MB
-
MD5
de2d91476e625278c30a5f69a1892e05
-
SHA1
4d707f6a801611fb437f5c1cba31b0909bf41506
-
SHA256
02c7f0b926c64f5a19a9aacd5f94ee00be4d576486592e18acc80c0a027b05ba
-
SHA512
d027407539346e5aedd527f5f71de45bace6295e96a7fbefbf273c930d64a791e488e4bdf6ef8db61fc19c80cac52a6e398c2973499c6fedb1e422c3ba71f532
-
SSDEEP
49152:px2VjoakX4pb7QH1fUlTB7zmNmdpTE5NSomaZXYjLlHks2RPF/lOzl+LZ/n6du7F:K2DtJ+wixdag
Score1/10 -
-
-
Target
vulkan-1.dll
-
Size
819KB
-
MD5
b91586bd80e057a7f62bdc4422744812
-
SHA1
a1df644421ece2e740e5bf0ed98b4f269fd85c39
-
SHA256
8ba72d98e0f78b77bda7816cd7232809d287310d34e0f1d7472b9d5fda2c6d02
-
SHA512
94f0a8e3e75e4803891c0fcb257052dbe0e7399772fc7a46ab802629f76ee580ed30b3678fa6bc3744c12cf9f3103bbc8276e88f6711278748148e9fbeef2053
-
SSDEEP
12288:ekyJJLfcn5To6PuXtLvEdGnZSss43uobIoD:JnhoR5Ed8S2ukD
Score1/10 -
-
-
Target
$PLUGINSDIR/nsis7z.dll
-
Size
424KB
-
MD5
80e44ce4895304c6a3a831310fbf8cd0
-
SHA1
36bd49ae21c460be5753a904b4501f1abca53508
-
SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
-
SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
SSDEEP
6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score3/10 -
-
-
Target
x64 beta/dependencies/2024-1-12/auth..bat
-
Size
6KB
-
MD5
8825cf897e698ebbdb8c707bb39d73ca
-
SHA1
dcece549ce6ed0b24ecc1faf80280c225bdcccae
-
SHA256
b332d0f81de5a8eced6109033f05192e2aa5ca3ed0a523367428813924a9a28d
-
SHA512
e3c63dda17128929108ff5492364b4d2df8126f2a8c17d7384ba9f7b0651aec72c11681dd7196f2eef7d693b9b3165b96fc05c98afc40fab9252ef2c7a26e3f9
-
SSDEEP
192:sYHAivgiRwe5f11ATNLCAtMT7/4+tGs1PP/uQz8tz1hNn:8i4iRwe5f11ATNLCAtMT7/4+tGs1PP/M
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
3