Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

Photoshop.exe

windows7-x64

7

Photoshop.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

7

$PLUGINSDI...ol.dll

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

7

$PLUGINSDI...em.dll

windows10-2004-x64

7

$PLUGINSDI...te.dll

windows7-x64

8

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

7

$PLUGINSDI...sh.dll

windows10-2004-x64

7

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDIR/xml.dll

windows7-x64

7

$PLUGINSDIR/xml.dll

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Photoshop.exe

  • Size

    194KB

  • Sample

    240319-dmdp1sfh92

  • MD5

    bbb7c7f58d03d5758c43ad3f9ca344fb

  • SHA1

    41c7a5b247f3eb885ce47fff042baa898741e4de

  • SHA256

    f9e41fe0854e1d2cba512b09924e117b044f23232e621b02e762a0988b044636

  • SHA512

    3eeb0429249c31e9f2523e467a4d58d087eba521f598eb0883b5189421af47d0962ed191701f99e62b958e15d7e9d02e0a3bde99527493306c16a3beb5b608e1

  • SSDEEP

    3072:yweqOYEUXPnpQIQQQJQDb+y56XwQWSGmtE0GJZfwdl4gCr8jfmq/A+y9D427:PEUXunbGz4d/CYSq/Xm

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      Photoshop.exe

    • Size

      194KB

    • MD5

      bbb7c7f58d03d5758c43ad3f9ca344fb

    • SHA1

      41c7a5b247f3eb885ce47fff042baa898741e4de

    • SHA256

      f9e41fe0854e1d2cba512b09924e117b044f23232e621b02e762a0988b044636

    • SHA512

      3eeb0429249c31e9f2523e467a4d58d087eba521f598eb0883b5189421af47d0962ed191701f99e62b958e15d7e9d02e0a3bde99527493306c16a3beb5b608e1

    • SSDEEP

      3072:yweqOYEUXPnpQIQQQJQDb+y56XwQWSGmtE0GJZfwdl4gCr8jfmq/A+y9D427:PEUXunbGz4d/CYSq/Xm

    Score
    7/10
    upx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      8KB

    • MD5

      65d017ba65785b43720de6c9979a2e8c

    • SHA1

      0aed2846e1b338077bae5a7f756c345a5c90d8a9

    • SHA256

      ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

    • SHA512

      31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

    • SSDEEP

      96:18YNfTAJj9KMMVSyPg8uxZAQ/zdVJF/mSsQwV6i8zRRxqBt/FZTIVe7/cIH8ykeO:1XwKMMfPuxJ/zb+b6fR+bZEwywQ9

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      b4faf654de4284a89eaf7d073e4e1e63

    • SHA1

      8efcfd1ca648e942cbffd27af429784b7fcf514b

    • SHA256

      c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

    • SHA512

      eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      7KB

    • MD5

      8b06f277ae47f0d2e1c7098a5657ee88

    • SHA1

      e3802a6f3949b6c8cd058d840b8776ebf587eed2

    • SHA256

      ddccebbf499672af3a74be6fb838b804a66679f7689dde137c39f4e0df1be11d

    • SHA512

      6bb68bd7ce5577ba6460ba2eb11536703d0472ba6f91f2fd9b2ec93128cc2700a426217b1029380a8b98cb823b67959d73edd99b3c3812532530aeae0d928060

    • SSDEEP

      192:Tdfh7NV2z5EBeRSUqc23Kh2mkkxZoPRACMh:vuVEBiqclUa7op8

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/locate.dll

    • Size

      17KB

    • MD5

      7d3317f57c1a368480ace3c0ca804eeb

    • SHA1

      d4c7e185bc64aac82339f51ba6c21cf0713c9f1a

    • SHA256

      d88a04c1e39db583eaad727fd390fe599ab10198ee040bfbdd22daefadbd2372

    • SHA512

      5598c2e6caa2f66edd48f8c8305e054d4b0740b5f2b7ed92cf197a13ac66ba99a32013d34b3c2e28d007ab7979eb90a50681324eb736b1410e7df1902e4ec32a

    • SSDEEP

      384:ev/vPBkA6dK8wiLe45naPji7hpx2kRV+qgm:evyvwiNnGji7Xxjc8

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral10behavioral9

    • Target

      $PLUGINSDIR/newadvsplash.dll

    • Size

      6KB

    • MD5

      5100e2f48ba0703991a622f5055a7257

    • SHA1

      8932b3a37ec8200f0e3bc6752f7edb538921eab8

    • SHA256

      bb2f5240aaae2c339c8857e061f9a5057c79b35384a903b6b7be6845ee1db038

    • SHA512

      4f4939eae24a330051c3163509010cc6d0c5ed51a31c41d6bc2a10dae9ea1d0c890b31d42742b45f79c29707d7ba1dea7f60cf25957d205170b83b151ca555ac

    • SSDEEP

      96:viFeZ6F0nLwzgAGDeYTpMkQYmBXRrHOU2cHkd:viF06QpAbYTpnQYmBXRr72c

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/registry.dll

    • Size

      24KB

    • MD5

      2b7007ed0262ca02ef69d8990815cbeb

    • SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

    • SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    • SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    • SSDEEP

      384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA

    Score
    3/10
    behavioral13behavioral14

    • Target

      $PLUGINSDIR/xml.dll

    • Size

      55KB

    • MD5

      12a31750971f5a6bb5a6a8893f3dcd75

    • SHA1

      9f26b5e353341562cfcf1c44a337a285dad2ec5f

    • SHA256

      06d28fa930e52746194d4e28a353a81b2dd34b644ac5b354f4caf4fed2f6e591

    • SHA512

      25347c2c670d24782401274e7120c714aa24f265584dc199ac4c7c83090e8f1137d766ad578773a435feea216d416e7fc80b9e2fe14d073ac185ab77a597d68e

    • SSDEEP

      1536:rD5wQQSyGqyGBpCJDLAOXKCNNhMYnouy8:rD2QKyGpmt3hMQout

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral15behavioral16

MITRE ATT&CK Enterprise v15

Tasks