Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ForceCPU.exe

windows7-x64

1

ForceCPU.exe

windows10-2004-x64

1

HTCTL32.dll

windows7-x64

1

HTCTL32.dll

windows10-2004-x64

3

PCICHEK.dll

windows7-x64

1

PCICHEK.dll

windows10-2004-x64

1

PCICL32.dll

windows7-x64

1

PCICL32.dll

windows10-2004-x64

1

QWhale.Common.dll

windows7-x64

1

QWhale.Common.dll

windows10-2004-x64

1

QWhale.Editor.dll

windows7-x64

1

QWhale.Editor.dll

windows10-2004-x64

1

QWhale.Syntax.dll

windows7-x64

1

QWhale.Syntax.dll

windows10-2004-x64

1

SampleRules.js

windows7-x64

1

SampleRules.js

windows10-2004-x64

1

SimpleFilter.dll

windows7-x64

1

SimpleFilter.dll

windows10-2004-x64

1

TCCTL32.dll

windows7-x64

1

TCCTL32.dll

windows10-2004-x64

1

Timeline.dll

windows7-x64

1

Timeline.dll

windows10-2004-x64

1

client32.exe

windows7-x64

10

client32.exe

windows10-2004-x64

10

libssl-3-x64.dll

windows7-x64

1

libssl-3-x64.dll

windows10-2004-x64

1

msvcr100.dll

windows7-x64

3

msvcr100.dll

windows10-2004-x64

3

pcicapi.dll

windows7-x64

1

pcicapi.dll

windows10-2004-x64

1

remcmdstub.exe

windows7-x64

1

remcmdstub.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    636448aec2f6e1054d00728cdd9719fe.bin

  • Size

    2.9MB

  • Sample

    240307-cc88hadb23

  • MD5

    6e972029bd1f71506114c5429a2ea5c7

  • SHA1

    d2f06c10ac78da5787d9b4e1bfbd3a974fd47662

  • SHA256

    90bf37ce35568a63a6af01f0f49add719cd7c4996d2469ab86c4e2b05c4b198f

  • SHA512

    bad35bd67fca5a417effeac30a02b94c18f914ca5bf917f90d1c7b74eb5867e2e774a804f52edf871cf69c4a84ea6307e6009b7fcbbcc95afa1e804f4ec07975

  • SSDEEP

    49152:zZmqBBXa/UpnCVhKgwHQucNclM2R+P/WfoaPc/1z2CTXxpdtEtbaeO0gHK4kq2+j:zZ3X5pC4gwwcnR+HWfoaPu/otpYkq2+j

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      ForceCPU.exe

    • Size

      19KB

    • MD5

      b982a103b0d4e0db856026a163124bf3

    • SHA1

      40772be00068bbd394ff0fccd551151a822f3e70

    • SHA256

      2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d

    • SHA512

      214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327

    • SSDEEP

      192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv

    Score
    1/10
    behavioral1behavioral2

    • Target

      HTCTL32.DLL

    • Size

      320KB

    • MD5

      c94005d2dcd2a54e40510344e0bb9435

    • SHA1

      55b4a1620c5d0113811242c20bd9870a1e31d542

    • SHA256

      3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899

    • SHA512

      2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a

    • SSDEEP

      6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR

    Score
    3/10
    behavioral3behavioral4

    • Target

      PCICHEK.DLL

    • Size

      18KB

    • MD5

      104b30fef04433a2d2fd1d5f99f179fe

    • SHA1

      ecb08e224a2f2772d1e53675bedc4b2c50485a41

    • SHA256

      956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd

    • SHA512

      5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f

    • SSDEEP

      192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI

    Score
    1/10
    behavioral5behavioral6

    • Target

      PCICL32.DLL

    • Size

      3.6MB

    • MD5

      d3d39180e85700f72aaae25e40c125ff

    • SHA1

      f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15

    • SHA256

      38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5

    • SHA512

      471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f

    • SSDEEP

      49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/

    Score
    1/10
    behavioral7behavioral8

    • Target

      QWhale.Common.dll

    • Size

      192KB

    • MD5

      ac80e3ca5ec3ed77ef7f1a5648fd605a

    • SHA1

      593077c0d921df0819d48b627d4a140967a6b9e0

    • SHA256

      93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

    • SHA512

      3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

    • SSDEEP

      1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc

    Score
    1/10
    behavioral10behavioral9

    • Target

      QWhale.Editor.dll

    • Size

      816KB

    • MD5

      eaa268802c633f27fcfc90fd0f986e10

    • SHA1

      21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

    • SHA256

      fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

    • SHA512

      c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

    • SSDEEP

      12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB

    Score
    1/10
    behavioral11behavioral12

    • Target

      QWhale.Syntax.dll

    • Size

      228KB

    • MD5

      3be64186e6e8ad19dc3559ee3c307070

    • SHA1

      2f9e70e04189f6c736a3b9d0642f46208c60380a

    • SHA256

      79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

    • SHA512

      7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

    • SSDEEP

      3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V

    Score
    1/10
    behavioral13behavioral14

    • Target

      SampleRules.js

    • Size

      22KB

    • MD5

      524d2bade9189baf1556a19a646cf4bf

    • SHA1

      66c1eff782d71d0a5cc8e370958137a9acd852e4

    • SHA256

      3d4de2f5b6be253ffe40b04e90b6fe80eb1025f97975b820683e679c55f5b3c8

    • SHA512

      36f1a2b9728e89b640fe5a5ee7cde1cdaacb6ca06149bbbe6fabec3d413dbef188f540568d68319df61e9c0d789e77489fe9893f8f4459f6b03cfef4a5b42095

    • SSDEEP

      192:M8hsvsRImy1MTb0LB1GeagkQqzzzgWGZIVW0Gdcen9CpNlPdhr3f8nYny7+zjW66:Mi0gg2zWia9SVnyqOZ

    Score
    1/10
    behavioral15behavioral16

    • Target

      SimpleFilter.dll

    • Size

      147KB

    • MD5

      90cdc635a1f1f8e6e1ee68918e0fb71a

    • SHA1

      65699920fc6fc9488c1eb8acaf5022eaeafb6815

    • SHA256

      afee7df6255757b3251721fca42e844753a617e0aa1ed43734e32e2fdae2c0af

    • SHA512

      720635e0e24ca06b3c400f6da201f08d174e5bef230037eeae023ca87f608b1c353ca58de1a5c99a5f3057b039704ed5e68a9e5448183527653afcaedcfc58ab

    • SSDEEP

      3072:e6NX70tFXM29SwIEV21p/r+Q7NNi+NQmDdj7RMttBaOrMzz27CDHqyoqKIh4bqG8:e6NXwM29SwIEV21p/r+Q7NNi+NQmDdjj

    Score
    1/10
    behavioral17behavioral18

    • Target

      TCCTL32.DLL

    • Size

      387KB

    • MD5

      eab603d12705752e3d268d86dff74ed4

    • SHA1

      01873977c871d3346d795cf7e3888685de9f0b16

    • SHA256

      6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea

    • SHA512

      77de0d9c93ccba967db70b280a85a770b3d8bea3b707b1abb037b2826b48898fec87924e1a6cce218c43478e5209e9eb9781051b4c3b450bea3cd27dbd32c7f3

    • SSDEEP

      12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ

    Score
    1/10
    behavioral19behavioral20

    • Target

      Timeline.dll

    • Size

      51KB

    • MD5

      ec476c3ee3f7d463fc8b71a8da42e103

    • SHA1

      a32e85e618a4451feefed350f7fdb88dc662833d

    • SHA256

      25e20d696fa2d40cab80d6e45e998f63ef17564b4bacd978d98dbf4492be93ee

    • SHA512

      ec3c77cb84667aea1330dbeb9e5756a37f55570e4edc1bdde9c873e9218cfed6da2c0df57f4f3f9c2864cb664d1eb55700c95a1555d4bc5d485f0fc028c02c3b

    • SSDEEP

      768:BE8uqoL19VqLPLyYhH9L52OBRz6e4NPTijqhRR2fTMR2fT8BN266bC:YVqLPLyYhFcGzyijLx26O

    Score
    1/10
    behavioral21behavioral22

    • Target

      client32.exe

    • Size

      101KB

    • MD5

      c4f1b50e3111d29774f7525039ff7086

    • SHA1

      57539c95cba0986ec8df0fcdea433e7c71b724c6

    • SHA256

      18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d

    • SHA512

      005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5

    • SSDEEP

      768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport
    behavioral23behavioral24

    • Target

      libssl-3-x64.dll

    • Size

      547KB

    • MD5

      4ad9afd9ff710d89aa7530241771f9d9

    • SHA1

      b0f233fde9ebc6438c66051fd13e89b9d457894a

    • SHA256

      956a4925b8c2a62c7f639e855b1672a162610138f670f1d7ba6ab71ad3d94541

    • SHA512

      28a167cbf7acca2bf36f7c50bc0302fd040812df678d1d36d1fcadbbfadb279444849aad0228c864d6866b00e36c09c2ff9a6a9d867c25b6000384b421a2f8f5

    • SSDEEP

      6144:w5/NMS+7xbMkZThK/uhetwSzJupTJc2pqrbccv+5NDmqhIA3vCePl01sQi7PUYgh:wFNEQYKxtwAJeTJc2pmUD/v01sQigLW

    Score
    1/10
    behavioral25behavioral26

    • Target

      msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    behavioral27behavioral28

    • Target

      pcicapi.dll

    • Size

      32KB

    • MD5

      34dfb87e4200d852d1fb45dc48f93cfc

    • SHA1

      35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641

    • SHA256

      2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703

    • SHA512

      f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2

    • SSDEEP

      768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb

    Score
    1/10
    behavioral29behavioral30

    • Target

      remcmdstub.exe

    • Size

      62KB

    • MD5

      6fca49b85aa38ee016e39e14b9f9d6d9

    • SHA1

      b0d689c70e91d5600ccc2a4e533ff89bf4ca388b

    • SHA256

      fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814

    • SHA512

      f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622

    • SSDEEP

      1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

netsupportrat
Score
10/10

behavioral24

netsupportrat
Score
10/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10