Overview
overview (score 7/10)
Static
static (score 7/10)
SecuriteIn...44.exe
windows7-x64 (score 7/10)
SecuriteIn...44.exe
windows10-2004-x64 (score 7/10)
$PLUGINSDI...ns.dll
windows7-x64 (score 3/10)
$PLUGINSDI...ns.dll
windows10-2004-x64 (score 1/10)
$PLUGINSDI...em.dll
windows7-x64 (score 3/10)
$PLUGINSDI...em.dll
windows10-2004-x64 (score 3/10)
$PLUGINSDI...fo.dll
windows7-x64 (score 3/10)
$PLUGINSDI...fo.dll
windows10-2004-x64 (score 3/10)
$SYSDIR/Cr...86.dll
windows7-x64 (score 1/10)
$SYSDIR/Cr...86.dll
windows10-2004-x64 (score 1/10)
$SYSDIR/PECSP.dll
windows7-x64 (score 1/10)
$SYSDIR/PECSP.dll
windows10-2004-x64 (score 1/10)
$SYSDIR/Po...CB.dll
windows7-x64 (score 5/10)
$SYSDIR/Po...CB.dll
windows10-2004-x64 (score 5/10)
$SYSDIR/et...CB.dll
windows7-x64 (score 1/10)
$SYSDIR/et...CB.dll
windows10-2004-x64 (score 1/10)
$SYSDIR/et..._s.dll
windows7-x64 (score 1/10)
$SYSDIR/et..._s.dll
windows10-2004-x64 (score 1/10)
$SYSDIR/iesign.dll
windows7-x64 (score 1/10)
$SYSDIR/iesign.dll
windows10-2004-x64 (score 1/10)
AddTrustSite.exe
windows7-x64 (score 1/10)
AddTrustSite.exe
windows10-2004-x64 (score 1/10)
dojra.exe
windows7-x64 (score 1/10)
dojra.exe
windows10-2004-x64 (score 3/10)
General
-
Target
SecuriteInfo.com.BScope.Trojan.Yakes.32515.19044.exe
-
Size
1.2MB
-
Sample
240304-qt543ace59
-
MD5
c8d8ff6643f95ce2542e5b5f35f55d5d
-
SHA1
b169b6dd0cb019d3999271ec7115bbe92aa48560
-
SHA256
1e77da5e92e35545023c369348c16d962738bc62819bf231557db3ff307c2be2
-
SHA512
c4a5aef8503468fb9a3e0d3a11bc20960d9f59e5e499279b97e3cc8571f62bf9985f576e15fbb38eb9bf0045d051828700d5755b0d23c64a858aed9d0cef8cb5
-
SSDEEP
24576:neLVr0B/ziNR1qXf4gYZE9yOQRXL9TUydhXaAIyiI3WyD7DHD:k10WNvqXf4gYhOiXLlUil
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BScope.Trojan.Yakes.32515.19044.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.BScope.Trojan.Yakes.32515.19044.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$SYSDIR/CryptoKit.CertEnrollment.Pro.x86.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$SYSDIR/CryptoKit.CertEnrollment.Pro.x86.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$SYSDIR/PECSP.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$SYSDIR/PECSP.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$SYSDIR/PowerEnterCCFCCB.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$SYSDIR/PowerEnterCCFCCB.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$SYSDIR/et199aCSP_BDCB.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$SYSDIR/et199aCSP_BDCB.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
$SYSDIR/et199aCSP_BDCB_s.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$SYSDIR/et199aCSP_BDCB_s.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
$SYSDIR/iesign.dll
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
$SYSDIR/iesign.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
AddTrustSite.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
AddTrustSite.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
dojra.exe
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
dojra.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.BScope.Trojan.Yakes.32515.19044.exe
-
Size
1.2MB
-
MD5
c8d8ff6643f95ce2542e5b5f35f55d5d
-
SHA1
b169b6dd0cb019d3999271ec7115bbe92aa48560
-
SHA256
1e77da5e92e35545023c369348c16d962738bc62819bf231557db3ff307c2be2
-
SHA512
c4a5aef8503468fb9a3e0d3a11bc20960d9f59e5e499279b97e3cc8571f62bf9985f576e15fbb38eb9bf0045d051828700d5755b0d23c64a858aed9d0cef8cb5
-
SSDEEP
24576:neLVr0B/ziNR1qXf4gYZE9yOQRXL9TUydhXaAIyiI3WyD7DHD:k10WNvqXf4gYhOiXLlUil
Score: 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
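Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger class, which stops debug events for that thread from reaching an attached debugger; this is an anti-analysis technique, though commercial software protectors use it as well.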
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
325b008aec81e5aaa57096f05d4212b5
-
SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3
-
SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
-
SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
-
SSDEEP
192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
c17103ae9072a06da581dec998343fc1
-
SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
-
SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
-
SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
7579ade7ae1747a31960a228ce02e666
-
SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351
-
SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5
-
SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b
Score: 3/10
-
-
Target
$SYSDIR/CryptoKit.CertEnrollment.Pro.x86.dll
-
Size
365KB
-
MD5
82d37ed4ff82ebb05447f3d42a1532dd
-
SHA1
8e90812d31a05d427208a719ac75ae39a86aa5b3
-
SHA256
630ac2ccbdbcfc42d640d53977e2eab0ef1ae712f49781099edb1022bdba52e9
-
SHA512
7059d415cc78fb257f6ccd3de6fdae42bec613844414449cd07e395df3e76282ee4da2c67aa08d65808ea411412bed2579505df687fa0a70d4d3934ddd87e209
-
SSDEEP
6144:9rotoj09rxQkMTRlJOpRM+M/6ceVuIayZBEIv/tr:9ro+ju9QkMTRlJOpRM+fr
Score: 1/10
-
-
Target
$SYSDIR/PECSP.dll
-
Size
157KB
-
MD5
3d82bb5002195fbd020e0335ef163755
-
SHA1
4c63861f6f165c0ed5a7f3b4208d6faa58162713
-
SHA256
d9d3212af22e384727c9c61ea8f4c5c92f435901ec2a1d49c1a921065efcda9f
-
SHA512
22c2348c34b588ef7492d29dcb13f32ae80f4476ce6845634f9e1d79bcdf9c9ecac4fbe0181b24195a76b1e2652b0dc5c719af4db6c49f9f32a32ecdc0d303b5
-
SSDEEP
1536:1hCzOs2pViinW7dxPU20aSi4fvp8gKjjR8Li5suIbptn4RtysGyNaKJcaFCnd:7vs6kUfW+LiJIgtysGyNaK3A
Score: 1/10
-
-
Target
$SYSDIR/PowerEnterCCFCCB.ocx
-
Size
835KB
-
MD5
52b115b1432264b16a055a2f04f2b0e3
-
SHA1
32e660e7a2d8f058fe46984d512fbbbe6c2f4a80
-
SHA256
4f7181b4a0f03dc31496d84a37dcd7a34c3fe079f015ae785117bcfecff8dc8f
-
SHA512
46dda1a10699bbe88238e0da1d83b5fd2a1cc5f1284bb7034087842b4a954e2865a9a9e15ff3fd6a98a491401f451b655e564b507a32d10c97bd0148d44ab506
-
SSDEEP
24576:1tk1+gvdVqxNb8pxuuBoe4fa0dot1xDxBt/FlR4aGX5F4c:01RVUbexuuBFydoNzlRS5q
Score: 5/10
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$SYSDIR/et199aCSP_BDCB.dll
-
Size
180KB
-
MD5
547053dee1a327a345ee46fb6ff841f5
-
SHA1
9b30c2070ed9f583ab17746b9be3b17b143da4a3
-
SHA256
a0879e2909d8d59acf6b8c8660900f36ba8fb21110a0b04a68e107a6798e731c
-
SHA512
f5dd2a453a77bda4a94cea7d110137e334af285bf75ee14c43232c98c901d3038a16a5a67dc38de4425cfa92b77c62a424f1c79cd8bc5706b9b5651f18d64fdb
-
SSDEEP
3072:9wlnW9/L3Th4uIv7UNbLgjl4IbwSKeH7n/cR6esaGpIceY31uJW:0WdD67CbLgjyIboebn0RDC3
Score: 1/10
-
-
Target
$SYSDIR/et199aCSP_BDCB_s.dll
-
Size
10KB
-
MD5
6b27956ba886ee230281d205e09e91a9
-
SHA1
d5c7d9297df241b52573d03185a66528a84f5488
-
SHA256
3df383f4b0195620badc0bb9f5e1d86ebdb4975b60da4b910a26fee9b4af474f
-
SHA512
e7b9d770ef04dda2c2cf144c218851b2b933d59395caff6594e70d0d71db4a78319a51bcbd3479668ab7dad56acee4a24cc3c4206186ad6cc91f5314a498212a
-
SSDEEP
96:Dpn00KCDOVnXB+im0KcOqW/PLZISj0epuVuw6YQCcTvka9IN80KIbWUksykajqq1:PAXBRQC3a9C8nZUadXe/09OFH
Score: 1/10
-
-
Target
$SYSDIR/iesign.ocx
-
Size
155KB
-
MD5
914c992f98a33f4729b950174a8b73b6
-
SHA1
4e5f6d46fe7819fc696e00f3c9e258306fb392fd
-
SHA256
407329fe7d2f0e1a7690af1421f68fcd468f370083da7aa74959644ed271d8d1
-
SHA512
a8fb85c46e06e7661fef207a49a8370337dd69b9ce902d2483f2c676abc4faec717d41d497fcf80c8d50722109134193334122a38617769a6888f39cf717f604
-
SSDEEP
1536:vY33ZuUzhr6jHU+CPDqPJoH8AnQ3hzNBxvyHeabyn744ccQVxMEtWSRxb:oZdzhr6j0DPDz7kDb2wc4ccQVxMehb
Score: 1/10
-
-
Target
AddTrustSite.exe
-
Size
43KB
-
MD5
a3bd4c9aed40f4775077f911f8d042ef
-
SHA1
b129ecdc97d358f50b9a5a8ef7caa779b94c0206
-
SHA256
3de8fcad1b5c65bd00ad617d403013e049043f281726881e42ee41fcaa0b35ac
-
SHA512
1e56d91dac46858fbc9b83115f2a6b623112aae67ba35d73ac17cfab2ae59470985b777be6ce77620ef25dc0953722d62602053bcee5084c64bded61e031f5dc
-
SSDEEP
384:V9pTdemeUSmGunoLLfdECZj18y2hqps2b9CVlFQnYPL5xFeM55:VrgO1gfJj8bcpsUoVlFQc5
Score: 1/10
-
-
Target
dojra.exe
-
Size
31KB
-
MD5
e5923a61cc4cbe7e330c76ec9719792f
-
SHA1
cff82ea518033fff99a6d6a1e0cb7e66ae3decb9
-
SHA256
79025c58910e5884e35d45439518aa202c8e28ca325c63759ed008b9f3a9dc48
-
SHA512
4115b654e4d5bf57730bbeea0c2251917ec71f2e90153e754447eda0af4783e10819de1bb9f62be45690bd6d76bf67b07c52f76622395541f038bce3e8e47d1a
-
SSDEEP
384:ahXifRW5BzB6nmlXNXyypJSoELl4nYPL5xFeMIS:ahXQgB6EykAFLl4bS
Score: 3/10