Task scores
Overview: 9/10
Static (static): 3/10
QtCore4.dll: windows7-x64 3/10, windows10-2004-x64 3/10
QtGui4.dll: windows7-x64 3/10, windows10-2004-x64 3/10
QtNetwork4.dll: windows7-x64 3/10, windows10-2004-x64 3/10
libeay32.dll: windows7-x64 1/10, windows10-2004-x64 1/10
nksl3_logger.exe: windows7-x64 9/10, windows10-2004-x64 9/10
runtime/No..._0.msi: windows7-x64 6/10, windows10-2004-x64 6/10
runtime/handle.exe: windows7-x64 7/10, windows10-2004-x64 7/10
runtime/vc...08.exe: windows7-x64 7/10, windows10-2004-x64 7/10
ssleay32.dll: windows7-x64 1/10, windows10-2004-x64 1/10
General
-
Target
b7735720e766efee7ba2409e481e7fc8
-
Size
12.0MB
-
Sample
240306-p5manabb9y
-
MD5
b7735720e766efee7ba2409e481e7fc8
-
SHA1
81b2f1c4fad7109c6a7c7d2ea66db86f87abfed0
-
SHA256
5c28511a37fa39869f2d6fef6f8e9c8e282216823ec401803b649d9b79b84260
-
SHA512
05eeaf689ecb791b028f93ae084fb27423279307136202724f0708da85f7dbb7c05a6420e4e0826f034c8b7e47c8a2d642c38a7d0926961f1020c5d5d927b5ad
-
SSDEEP
196608:zFxfv1GzgP9pE3gc1AE29JJFCklAzIaFerSzOpF0+dOtXUfvD:RV9391c1r29JJ3irKF0cOtXU3D
Static task
static1
Behavioral tasks
behavioral1: Sample QtCore4.dll, Resource win7-20240220-en
behavioral2: Sample QtCore4.dll, Resource win10v2004-20240226-en
behavioral3: Sample QtGui4.dll, Resource win7-20240221-en
behavioral4: Sample QtGui4.dll, Resource win10v2004-20240226-en
behavioral5: Sample QtNetwork4.dll, Resource win7-20240221-en
behavioral6: Sample QtNetwork4.dll, Resource win10v2004-20240226-en
behavioral7: Sample libeay32.dll, Resource win7-20240221-en
behavioral8: Sample libeay32.dll, Resource win10v2004-20240226-en
behavioral9: Sample nksl3_logger.exe, Resource win7-20240221-en
behavioral10: Sample nksl3_logger.exe, Resource win10v2004-20240226-en
behavioral11: Sample runtime/Nokia_Connectivity_Cable_Driver_Version 7_1_69_0.msi, Resource win7-20240221-en
behavioral12: Sample runtime/Nokia_Connectivity_Cable_Driver_Version 7_1_69_0.msi, Resource win10v2004-20240226-en
behavioral13: Sample runtime/handle.exe, Resource win7-20240221-en
behavioral14: Sample runtime/handle.exe, Resource win10v2004-20240226-en
behavioral15: Sample runtime/vcredist_x86_2008.exe, Resource win7-20240221-en
behavioral16: Sample runtime/vcredist_x86_2008.exe, Resource win10v2004-20240226-en
behavioral17: Sample ssleay32.dll, Resource win7-20240221-en
behavioral18: Sample ssleay32.dll, Resource win10v2004-20240226-en
Malware Config
Targets
-
Target
QtCore4.dll
-
Size
2.4MB
-
MD5
437149501b6f3e6efa0db102199da982
-
SHA1
6fccefe7038e8e564cfb123b2945bd32f0419eaf
-
SHA256
b96f6c62a747ec3b8644f6487b626afd89102f638349e30dacefadd2122ea552
-
SHA512
b3dfdbbd259f2449a334730d84493efd824f0c057e84937ffbb77d44bf9a06c8271023af27e1b4ccde95b8d63f46d964e411d77abb751b0e37366d0f26725a31
-
SSDEEP
49152:CDPfV/OFDsKpLVYuBnM3Jsv6tWKFdu9CDTILyvL/6mShMZtmjNUVrciV5P+7QVgH:CDPfaTDpkJsv6tWKFdu9CI
Score: 3/10
-
Target
QtGui4.dll
-
Size
8.0MB
-
MD5
b049f9abf7d11ce94c6f9b5c66d8c011
-
SHA1
ae4792227ed2c50fe61703abc980de1c11c9b8be
-
SHA256
e93a1b84f13ac4c37fe3ba6f6f70126b7bbf61fee29cd2e64402468a0e873b97
-
SHA512
8167397a27155a3ddd88217de11d3ad00262bd04465039e3319cf8fa87ba94283bc90578d00e58f2dfbc48d8252b20ec5ace190838ed19b446feb074c263efe1
-
SSDEEP
98304:AxG0ZfWg5IUZuNIKZhX0l/Of5DRgLw4vP7481nDsPbJ:AxVZf/IUZuGkxYWf5+A
Score: 3/10
-
Target
QtNetwork4.dll
-
Size
983KB
-
MD5
2b653fea9a9d62172154174f2fa9a8e3
-
SHA1
1581935c56c29522c9d65b68bb0ccbaf2b2cda46
-
SHA256
105612c82d548d034f1478968fb50bfe2d52f338dd003d5b3d5ac12ab3f1622e
-
SHA512
5390697d4abdb3d82ca1175b51be11d1999e89bb090fb540236196c9839705cac151968be6194b6e13999734dfb2377b135d5704f28d48fb304c627045be2b04
-
SSDEEP
12288:Ej6ao6Js7aRcHhazfkYSgMa854EMeTElfSODH+YAJmBHPykUetXtMxW+mbxr8F:EWl6OPHMfkYSz54EkfbH+lkt9kq
Score: 3/10
-
Target
libeay32.dll
-
Size
996KB
-
MD5
1ef203f15d2cadde7dead56cebcab76f
-
SHA1
0e8ebe37ced8018ab85b021eea50987ee1a86b85
-
SHA256
43bd635e9c372b57c15d40bf03079e3135ebd98e9d1ec1f87bf59ca04c859208
-
SHA512
417cdda1d3ac73bce6ad9db7cb7a35c22788595a138675b58fd301d17e799d13a7ae6c5d65e115db15700882043ac135396637a4f29b8451b523ed2b26904b02
-
SSDEEP
24576:vacXtxw2fK4OgF246WqrSpeBumZG0B7dGZ:v6HH46/SpYumZGsGZ
Score: 1/10
-
Target
nksl3_logger.exe
-
Size
2.2MB
-
MD5
81ea9111c486b134ea63fa0c500579f4
-
SHA1
0d0fa71f39f888a4692eaa47819f42b868217574
-
SHA256
92690cf47586af87c63228d63f36f5738c398d3f243dc6bbfe2aea03381250bf
-
SHA512
41266c626e7202ed5671d39b43a0b1bd16fc2b0453e3aa98fee642b7ccfed666212b1597d8ff068cfa0636b0b72290a9a744cd4003ba5d47a0af30a6dc1339aa
-
SSDEEP
49152:kfu22WgIny+LDsEZ3Z/1I8H9qWJBZbEswm8KYDhK22xYzFiIe2G7Sw:kuOgkyWNV8yfbx+K22ydul
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
Target
runtime/Nokia_Connectivity_Cable_Driver_Version 7_1_69_0.msi
-
Size
7.7MB
-
MD5
80bb7bb30e33ac2b7bea51e6681b56bc
-
SHA1
9def00a0f350f845e27c421dbac170ca29e5f5ce
-
SHA256
876a015fc3380cab42b31e09a193990d93f2441b7066aec7b99b8b88b8d9e2c7
-
SHA512
b52346fb3e2516643e412275406cda7a19e8a2be31e15c486c94743e6b3b5e58591158468450f09845ba3770819186cb3645e7f19f5a78210c1320d3d0382e8a
-
SSDEEP
98304:VAXDF1NUnLjzytCVZWqiIaniHQnN0fuZb9VBeCs4:WXNUnLjGyZBiIaniwWGGCp
Score: 6/10
Signatures:
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
-
Target
runtime/handle.exe
-
Size
413KB
-
MD5
50c128c5b28237b3a01afbdf0e546245
-
SHA1
7dffdfde2856d2dbd21f54af16edd9cc3447cb6f
-
SHA256
4690b6fca6898297eb31259c7fad2edaea5308ff8628c12c4586c5fc9902247e
-
SHA512
6ac8aa872afcde96833e9b347db8765aac0378231c0a920781a14d1d4a79ed3bc1ff1a7cd6b2ac3f7e03c43208c6d2b77b75649497a4d0bea611c22ca54e90ff
-
SSDEEP
6144:Gzhmwu/RyL8heQcnyRE11ulyhCs2VSP0N3+mUinHv6AcNkqJGLrVU5B:cw/ULVQw1J2eOvAG3K5B
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
-
Target
runtime/vcredist_x86_2008.exe
-
Size
1.7MB
-
MD5
b936f0f378b9a35489353e878154e899
-
SHA1
56719288ab6514c07ac2088119d8a87056eeb94a
-
SHA256
c6a7e484f4d84883bc1205bccea3114c0521025712922298ede9b2a1cd632357
-
SHA512
acdf7b464a258b3ae3015c808d0e08a697ba3209662faa9b18c1aee882bf236dc725f6c3425cb6f9e10d8ab5cbb82ac118ff947a4b9ec6f91c2e150b0beef70f
-
SSDEEP
49152:wQixbpVndRcpfqwYO3u2XoKNLlMDEe/pmVS/F0jD:wtdnfnwp3oOLuB/3/uD
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
-
Target
ssleay32.dll
-
Size
205KB
-
MD5
88c07e0ba6aa49cbae9958790c30c564
-
SHA1
aa327f0f7bb6a7a428726553a490c6894be50405
-
SHA256
157e81c3be64751f8b1b0dfa0b0b32b45d841c71b38392cf807951a5dfe869a8
-
SHA512
698a99373400406a4cc5115f7d41218cd5e264b2818a6a1742d6ffdfe23f1373bc876dba7d2dc2bc82df76c99fb32291f7ca086d52e1251e49c4a2988c19ad23
-
SSDEEP
6144:gYZ6fUZmg59YgyIaPxsg0knnWpLtKACG+P7WBpnoF4XBok:gYqUZP9YghaPxbbn0vCG+P7Wu4XCk
Score: 1/10