Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

EOSSDK-Win...ng.dll

windows10-2004-x64

3

OpenAL32.dll

windows10-2004-x64

1

discord_game_sdk.dll

windows10-2004-x64

1

nvmp/CrashRpt1403.dll

windows10-2004-x64

1

nvmp/Crash...03.exe

windows10-2004-x64

1

nvmp/client.dll

windows10-2004-x64

1

nvmp/res/r...86.exe

windows10-2004-x64

7

nvmp/steam_api.dll

windows10-2004-x64

1

nvmp_launcher.exe

windows10-2004-x64

3

nvmp_start.exe

windows10-2004-x64

1

nvmp_storyserver.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    build_release_client.zip

  • Size

    34.0MB

  • Sample

    240420-l556zsea75

  • MD5

    c6ef0120f2c6941e08e70b2035fe74a3

  • SHA1

    5b091f1c37b5aad062f710e0ef409e44f189249f

  • SHA256

    b782dbd696f87d28831fb8dab4efc6d3779e04ceb305c235acd59bf076116cd5

  • SHA512

    066dcf455620f3e6aadf003c01151a292a238cb7688315616bb71f75df8bd91d0d5d1640277d1ab0b7ac00ced56ed0bb5f52a70da3b59aaf47dd6b96359c9cc2

  • SSDEEP

    786432:xAZ5ueLhHniSCY2ebnTaNpZ7Vpx99rAtuNL7nDPUu:KQeLhCpRZ7Vpx99rAINL7Dsu

Score
7/10
discovery

Malware Config

Targets

    • Target

      EOSSDK-Win32-Shipping.dll

    • Size

      14.2MB

    • MD5

      3ce404c063a9a36ec499b2b70c7a243f

    • SHA1

      363b74a1ba4e154545cc05489862a34aac4239a4

    • SHA256

      9f8726f8d2e60e74051c40f24feea73231d390485590b321ed2ad80dfa4c4bc4

    • SHA512

      9e3dde282ca3cb3f7cc96463992382c3f1d793b62e360d96af4aa4f5488b122d9d763aaff20b1c44fa9a02ec336a46cf9341d5a0d9c77eaeddb59f7f80cc79d3

    • SSDEEP

      196608:lmMbkp+6hnGFQmklzhMS+WbSVOXYdDbaSqSUf5H9DyyAOOez:lmM0jhGFKhMS+Wb1qIz51yzOL

    Score
    3/10
    behavioral1

    • Target

      OpenAL32.dll

    • Size

      616KB

    • MD5

      e470a54ed520301dedec87c9db7539e3

    • SHA1

      fe7fbb11d731e1ea67fe38cee3436b0dcbc240df

    • SHA256

      49f0b67af1341f69cec41940529c0ef551420282f471f0f869f89cc4ab6357c7

    • SHA512

      522448047c564a91734bafa3629ff6ab2697a560927016f522397a1431a1e735c09c1ad6a360fab2266fae063f05087f073ec6a0fddadafc20ebd5c7712bbc20

    • SSDEEP

      12288:PsmFzEdFKWRcDGqZagU7YLvAmvUCyc54j/XPlJtsMPsj+e:PXzKKjAGAuUxj/9JtsMC

    Score
    1/10
    behavioral2

    • Target

      discord_game_sdk.dll

    • Size

      2.8MB

    • MD5

      71d18d7510fad32a2ac4b038fcdd56e3

    • SHA1

      63b2383c12013dcd7bbee08a7f965148c14d9c9d

    • SHA256

      e49ca81252852250a254f8c3f169859696542af2d0a81348f5984f0af880f43b

    • SHA512

      b160977f17029774ab0c4b3d0f86e59e60e9b529388e629aee76b1d4023f27f91fae91f0c022c5c2f398e0ab38d36e7579e8aced8e2db372c4df5058640e8f2f

    • SSDEEP

      49152:XS6i6p3uVpMrgEc/QuZxg0hqPFhBlJ8KbozNtirBC8IU6iRTDr6I:XS0p3uV4zc/QuZxg08nlizae+pDmI

    Score
    1/10
    behavioral3

    • Target

      nvmp/CrashRpt1403.dll

    • Size

      103KB

    • MD5

      e1649511f335186d0cd89a382c44a0be

    • SHA1

      882e28f6da65b97e85e28e4f2bce6f1fd4cb8f41

    • SHA256

      a68d654461ee949442452872a0a750a01e9e13b3fc9201d3eb70c30cc027ab9e

    • SHA512

      a01f4bc05f46e3e4310cdf1df526ba819a371dbcd2ba9bb2e7cbed6f2c0321634e24e8c84aab70c9267f5a26948accacbe10e3d62d3b7e8752fe90a76d6e7d6f

    • SSDEEP

      3072:vx0HGSmCWR4j6XseOcF3VYSyP0OiESdr64i/Go:mmSmBwfeOQ3VYSc/G

    Score
    1/10
    behavioral4

    • Target

      nvmp/CrashSender1403.exe

    • Size

      1004KB

    • MD5

      21df5844315218acf4721b5cffd4c1fc

    • SHA1

      ad3a4ef53c37c26c358cb3ae8c00d0791f79e7ab

    • SHA256

      07b5229856f833d1734b6294d0eb2519cd7e37281e17d328e642d898e363a357

    • SHA512

      c7825ac2c3e8c56bc203f41ba623461bca9e6bac382fe5b6b958246de65ebacd3818b7e6d341536d42f12f045464d96b326813bc9ff29723b139c190877b28a8

    • SSDEEP

      24576:VYQdYQ1ckp4pjCUi1Q+YbvCCMAYgWj56RHZWhgPApKT1FZ:VYQdYQYCUi1rACCp2hyPT

    Score
    1/10
    behavioral5

    • Target

      nvmp/client.dll

    • Size

      3.3MB

    • MD5

      62edf80a8ff19f92527d83811f8697df

    • SHA1

      cba17efda7dcf980b061590a7763db2a52e2658e

    • SHA256

      299d125ba936071a6d3d143acab35d5a188e550e804232bfbeb9c23ae6e3ba88

    • SHA512

      9ae5f8894c105f94395f97440298350659a8bd117b39fe26c727a135579e452c3bca96fe5c06385b4b1f6b43f3b067048ca5d1ef544dfa0010ad54fc74e86b8f

    • SSDEEP

      49152:P4U+pCsG1JjYd9Akber+9GUZuQMb4az9rrlAg4IYrUT/6j9eFSK3499SeBZ4gR+z:J1Ydpbp+b4Cho26j9esH

    Score
    1/10
    behavioral6

    • Target

      nvmp/res/redist/vc_redist.x86.exe

    • Size

      13.7MB

    • MD5

      69551a0aba9be450ef30813456bbfe58

    • SHA1

      85354326ef8fbe908d9331446b8c8463577c5633

    • SHA256

      50a3e92ade4c2d8f310a2812d46322459104039b9deadbd7fdd483b5c697c0c8

    • SHA512

      f7a8578146a8666174adcffa8212eaddce8e433d7531c4704e2a35e7ce723f92b968e5b9df9c6662f351edd21317f929c04d23bf2b976642a92d663d0e3f5240

    • SSDEEP

      393216:Sr/wlptVYmfr7yBG/4fXw91bfPLnzgm7:SbMpttD7yBG/T91bnf

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral7

    • Target

      nvmp/steam_api.dll

    • Size

      256KB

    • MD5

      56d9f94d37cb8f03049a1cc3062bffaf

    • SHA1

      90f0f4780117bd2ae44fe051077005964eb75bce

    • SHA256

      1ac139ebad2a653adff5700347274cf9816256eb5d69ae6dc43c4cf9c8532aa7

    • SHA512

      f92bc75a4fc6de545a9773093c39993942f03d5091c6fa0150e0bd00fb5c1dfb6edb3afc0afc7eaf3fd311336e513eeacfbb2cac5d638ab366c384c9e831b54e

    • SSDEEP

      6144:D9j7BrSKU/mXxQ7C8cbp9huslymC2CPRuyd/:D9j7BrSKUYQWByl2C7d/

    Score
    1/10
    behavioral8

    • Target

      nvmp_launcher.exe

    • Size

      9.7MB

    • MD5

      886d084da50d4acffd0a4741a599bedd

    • SHA1

      d5cfbcc697fc92aebf5baf50325235f42759686d

    • SHA256

      0a7f2571b6ce3c0106a23b9db6ab102fd222821ba6bca23a77df9c0608c4a95f

    • SHA512

      54db14ba1c993720eac9c9a8af314e4733fa748b0e10a1f3b6986c631a17c412e2c4cc8d5e96ae09d8daf26bc7af362818e4ee10501698ac47a795c9dc3556af

    • SSDEEP

      196608:9r798tO8AZ0cmLkNL16Sp7negpg9GTNS5zB/oM66:9mML0cwkNAQegWGTNOzdoj

    Score
    3/10
    behavioral9

    • Target

      nvmp_start.exe

    • Size

      1.0MB

    • MD5

      d0607f951dbbe8f0ed8925b53b9776b9

    • SHA1

      2c34a27bf2fe530af103fd283a31261c2cc9522d

    • SHA256

      51d37de464bb935334078b94e281ae212f3d136f3c490752270e6b188cf18032

    • SHA512

      963b3e08c0f0ef6ee079efc1ea5aeec6f165d6882460919507977b04ccf62e2515c647d27e2434456ee588dd073485ecfcf84dcf3d18f56596b56dfaea5544f5

    • SSDEEP

      24576:TEGA+qic7Epd18qGHlZ26aipYYX2XcpaxttIw/v2mWG2mWG2mWG2mWGVF1lVF1lm:YN1Kn1G7taAYYGXcmtV/v2mWG2mWG2mu

    Score
    1/10
    behavioral10

    • Target

      nvmp_storyserver.exe

    • Size

      2.9MB

    • MD5

      4a4bf9e4b434e204fd5cfc9c0345489b

    • SHA1

      77e768b03c0f1c295fb46503d48ffd9528148e00

    • SHA256

      8b9061a46b3c910e6b89c7b2a9b5c08cde99753191aa299db83d8cfe987ebe39

    • SHA512

      9320fecc244abe745b44ced2204fb287de3a39a6922249ab971b0e76fd98fcfebf8fe3210e11e66db3580bd33fa13afcd0aca87a34976c57e3088e5441ad7c94

    • SSDEEP

      49152:WbMWbq9Ky6KgmQ1+Ug+MgspDR4r9n3ynut3pRYwhrau01SL7rbL7rbL7rbyiSCyr:WZ3B1+XI53ynw

    Score
    1/10
    behavioral11

MITRE ATT&CK Enterprise v15

Tasks