Overview
Sample score: 10/10

General
Target: rcsetup153.exe
Size: 12.4MB
Sample: 240501-hje6wscd86
MD5: 5ffb412044b8bfbcda9dab78cf4e8ac5
SHA1: d4e81d90ceaf8179a8b8f112cfa310ec89106dd0
SHA256: b3df198d64ba6f401611f56743bd344c1b02915f9e5d571d271ef8557feaf56c
SHA512: ed5d688e08482e4289c8b74d70398c529cef940379539c8830b44b75385bc1aa5ad5ffd1bcb4f84a193f27064b3fada6b6643ee164c1f4d91479f18c371ea28b
SSDEEP: 196608:VzbT8y9mYpOxg521uaSrwizLnyrGB5kVmQ4Sk0OL9MH70Ep+4IhX4kYRd5ekUDGe:V3TXUxgTaSvLn5I2SriMY4+4I1uEkkTF

Tasks
One static task and 32 behavioral tasks were run. Each behavioral task detonates either the installer itself or one of the files it drops, once on a Windows 7 x64 image and once on a Windows 10 2004 x64 image; the Resource column is the VM image used and Score is that task's own score out of 10. $PLUGINSDIR is the NSIS installer's plugin staging directory (System.dll, nsDialogs.dll and UserInfo.dll ship with NSIS; INetC.dll is a common third-party download plugin), and $_107_ / $_108_ are directories the installer extracts; each dropped file was detonated on its own and scored separately.

Task          Sample                        Platform             Resource                Score
static        rcsetup153.exe                -                    -                       10
behavioral1   rcsetup153.exe                windows7-x64         win7-20240419-en        10
behavioral2   rcsetup153.exe                windows10-2004-x64   win10v2004-20240419-en  10
behavioral3   $PLUGINSDIR/ButtonEvent.dll   windows7-x64         win7-20240419-en        3
behavioral4   $PLUGINSDIR/ButtonEvent.dll   windows10-2004-x64   win10v2004-20240419-en  3
behavioral5   $PLUGINSDIR/INetC.dll         windows7-x64         win7-20240221-en        3
behavioral6   $PLUGINSDIR/INetC.dll         windows10-2004-x64   win10v2004-20240419-en  3
behavioral7   $PLUGINSDIR/System.dll        windows7-x64         win7-20231129-en        3
behavioral8   $PLUGINSDIR/System.dll        windows10-2004-x64   win10v2004-20240426-en  3
behavioral9   $PLUGINSDIR/UserInfo.dll      windows7-x64         win7-20240419-en        3
behavioral10  $PLUGINSDIR/UserInfo.dll      windows10-2004-x64   win10v2004-20240419-en  3
behavioral11  $PLUGINSDIR/g/gcapi_dll.dll   windows7-x64         win7-20240221-en        1
behavioral12  $PLUGINSDIR/g/gcapi_dll.dll   windows10-2004-x64   win10v2004-20240426-en  1
behavioral13  $PLUGINSDIR/nsDialogs.dll     windows7-x64         win7-20240220-en        3
behavioral14  $PLUGINSDIR/nsDialogs.dll     windows10-2004-x64   win10v2004-20240419-en  3
behavioral15  $_107_/$_107_/pfUI.dll        windows7-x64         win7-20240221-en        1
behavioral16  $_107_/$_107_/pfUI.dll        windows10-2004-x64   win10v2004-20240419-en  3
behavioral17  $_108_/lang-1025.dll          windows7-x64         win7-20240220-en        1
behavioral18  $_108_/lang-1025.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral19  $_108_/lang-1026.dll          windows7-x64         win7-20240221-en        1
behavioral20  $_108_/lang-1026.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral21  $_108_/lang-1027.dll          windows7-x64         win7-20240221-en        1
behavioral22  $_108_/lang-1027.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral23  $_108_/lang-1028.dll          windows7-x64         win7-20240215-en        1
behavioral24  $_108_/lang-1028.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral25  $_108_/lang-1029.dll          windows7-x64         win7-20240221-en        1
behavioral26  $_108_/lang-1029.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral27  $_108_/lang-1030.dll          windows7-x64         win7-20231129-en        1
behavioral28  $_108_/lang-1030.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral29  $_108_/lang-1031.dll          windows7-x64         win7-20240221-en        1
behavioral30  $_108_/lang-1031.dll          windows10-2004-x64   win10v2004-20240419-en  1
behavioral31  $_108_/lang-1032.dll          windows7-x64         win7-20240221-en        1
behavioral32  $_108_/lang-1032.dll          windows10-2004-x64   win10v2004-20240426-en  1
Malware Config
(no configuration extracted)

Targets

Target: rcsetup153.exe
Size: 12.4MB
MD5: 5ffb412044b8bfbcda9dab78cf4e8ac5
SHA1: d4e81d90ceaf8179a8b8f112cfa310ec89106dd0
SHA256: b3df198d64ba6f401611f56743bd344c1b02915f9e5d571d271ef8557feaf56c
SHA512: ed5d688e08482e4289c8b74d70398c529cef940379539c8830b44b75385bc1aa5ad5ffd1bcb4f84a193f27064b3fada6b6643ee164c1f4d91479f18c371ea28b
SSDEEP: 196608:VzbT8y9mYpOxg521uaSrwizLnyrGB5kVmQ4Sk0OL9MH70Ep+4IhX4kYRd5ekUDGe:V3TXUxgTaSvLn5I2SriMY4+4I1uEkkTF
Score: 10/10

Signatures
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service. Because it is a downloader, the second-stage payloads are fetched at run time and are not among the files extracted from the installer below.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. This signature is a heuristic on raw access to the first sector of a physical disk; disk utilities and some installers touch the same sector, so confirm the write, and what it changed, from the task's device-access events before treating the sample as a bootkit.
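A practitioner who sees the MBR signature above wants to know what changed in sector 0, not only that it was touched. The following Python is an added example, not part of the tria.ge report or the sandbox's own tooling: it parses a 512-byte MBR (boot code, disk signature, partition table, 0x55AA marker) and diffs a pre-detonation snapshot against a post-detonation one, so a boot-code overwrite can be told apart from a partition-table edit or a harmless re-write of identical bytes. Both snapshots here are constructed in-line; in a real case read_mbr() would be pointed at the VM's raw disk image (or \\.\PhysicalDrive0 inside the guest) before and after the run. All function names are mine.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code, the region a bootkit replaces
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510      # 0x55 0xAA boot signature


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a raw disk image (or a \\\\.\\PhysicalDriveN handle)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte sector into the fields a bootkit check cares about."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, lba_len = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype != 0:  # type 0 marks an unused entry
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": lba_len})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
        "valid_signature": sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
    }


def _ranges(offsets):
    """Collapse a sorted list of byte offsets into inclusive (start, end) ranges."""
    ranges = []
    for o in offsets:
        if ranges and o == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], o)
        else:
            ranges.append((o, o))
    return ranges


def diff_mbr(before: bytes, after: bytes) -> dict:
    """Report what changed between two MBR snapshots of the same disk."""
    a, b = parse_mbr(before), parse_mbr(after)
    changed = [i for i in range(MBR_SIZE) if before[i] != after[i]]
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_changed": a["partitions"] != b["partitions"],
        "signature_valid_after": b["valid_signature"],
        "changed_byte_ranges": _ranges(changed),
    }


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Build a synthetic MBR for the demonstration; this is constructed test data, not a real disk."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    for i, (bootable, ptype, lba_start, lba_len) in enumerate(partitions):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        struct.pack_into("<B3sB3sII", sector, off, 0x80 if bootable else 0,
                         b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, lba_len)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed snapshots: identical partition table, boot code overwritten "after detonation".
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100,
                      [(True, 0x07, 2048, 204800)])
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\xcc" * 60 + b"\x90" * 44,
                         [(True, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print(diff_mbr(CLEAN_MBR, TAMPERED_MBR))
```

The diff keeps the partition table and the boot code separate on purpose: a bootkit typically leaves the partition table intact and rewrites the first 440 bytes, while a legitimate disk tool that re-writes the sector usually produces no byte-level change at all.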
Target: $PLUGINSDIR/ButtonEvent.dll
Size: 5KB
MD5: c24568a3b0d7c8d7761e684eb77252b5
SHA1: 66db7f147cbc2309d8d78fdce54660041acbc60d
SHA256: e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d
SHA512: 5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443
SSDEEP: 48:a7sTTDi+BjvqYR4gYFmsHFpXq65lZ9W5wOXnhLk4nOvlWxG5PZKuB:ri+BjSXgY8sHFE6TzWXzncsGSm
Score: 3/10

Target: $PLUGINSDIR/INetC.dll
Size: 23KB
MD5: 7760daf1b6a7f13f06b25b5a09137ca1
SHA1: cc5a98ea3aa582de5428c819731e1faeccfcf33a
SHA256: 5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079
SHA512: d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5
SSDEEP: 384:l4Z8sUAUNuGGsPVPEZ+OLkCnFJDhgvZwcRa9h9S4y4fO:lG8sUAUnt88CFJDhmajMA
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: cff85c549d536f651d4fb8387f1976f2
SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
Size: 4KB
MD5: 2f69afa9d17a5245ec9b5bb03d56f63c
SHA1: e0a133222136b3d4783e965513a690c23826aec9
SHA256: e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0
SHA512: bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926
SSDEEP: (not reported)
Score: 3/10

Target: $PLUGINSDIR/g/gcapi_dll.dll
Size: 348KB
MD5: 2973af8515effd0a3bfc7a43b03b3fcc
SHA1: 4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee
SHA256: d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0
SHA512: b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e
SSDEEP: 6144:O3RIclFikwwYUP5SvL8z6uNMw4n8kUddV6F8Q4cfRUWj/aNTcES:O36SwwviL8VgnaddV6F8Q4cZBzES
Score: 1/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 6c3f8c94d0727894d706940a8a980543
SHA1: 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256: 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512: 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
SSDEEP: 96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score: 3/10

Target: $_107_/$_107_/pfUI.dll
Size: 17.3MB
MD5: f7222368c66e02ee333e6fca4fdccb66
SHA1: b2c6c1d24f78cb4a6de87eba5480f3a6f6b278b5
SHA256: b09f1359c68947c7d13123dda3ab56360b982befb43c134be815934ed4879215
SHA512: ab6158735234cbbc7ccfdee3c8e247d196070aa234e6bcb6b4cc6c13b4d0f1c85d84afe5c7d3f98349b32a4d4bc84750335fc9f1d8032e759ea03cea1e11a839
SSDEEP: 196608:eq9tM//w3LdH51kP1XLw8Il4GCp1YANlQjxS+g5P7dG2A/GH:eo3LP1kP17HIl4GC7YMywFBI2iGH
Score: 3/10

Target: $_108_/lang-1025.dll
Size: 44KB
MD5: 9ddb914c12b8931300badf0af3007afc
SHA1: ca12b9a7928e73a94db8ea43aa3969508c219ef5
SHA256: 3986bfe961bbd9cfa4f157755aef89ee064f6dcd33419d79d8edb09d72153df7
SHA512: f76cc7d441275be6bf5fbf7684aad98ce9b43bac4a9fc3579770ab2fb79282c25e478c4601682ae73175fb443205e7005907b1317ac7f07a9d74e4f159cb0830
SSDEEP: 768:hPVpM7puy+sCFdveQY/0CjEc4ICxrQRx4hl84XMJYiZskPxWEvLT:hPzMAmQY/F4e4Xa7ZnPxRT
Score: 1/10

Target: $_108_/lang-1026.dll
Size: 46KB
MD5: e481a7929bb5259c2c3109f715898446
SHA1: 2fd5ab1da7f07d73a60866d83dea01315f8b98d0
SHA256: a3ffcfe0a2f99be55ca688e069a401a1c662d81e103760e87bce33fe6bde6395
SHA512: 4e6e1354323235176d556dc2b3ebb037120deb509009f66272bc17d381e9c7a802340939560c6d4c8aac27585300d8484f43eb8fbdb8c840fde3f20817362fab
SSDEEP: 768:WPCpjxS93hokCxmfOP4PKQlVXHYi++PxWEGFcN:WPwQ93hcTOXH7vPxj
Score: 1/10

Target: $_108_/lang-1027.dll
Size: 51KB
MD5: 2facb5e65c8480fc8a0c3ddca8469020
SHA1: 0eff87f3c92a039fd1807fb06633be83c7e1f640
SHA256: 8d989a3a83df8150bead76dd49cc8c32b4242d006347061cedd06759e9e20f79
SHA512: 7739c700d7c9bf011b7ac2d59786e20a54644603b1d42ea9c28fe43c0aae86968d38ef131abbf7030b289e389bbc96bb664215f729b17020975412a237d49d16
SSDEEP: 768:5Ps6VX8o9aTNSWMd7eJMSCFG1uhq75C5f5viRPAz9yMJYFuaSRaIw1go0kSIoUl1:5P9jYnyUeNvcnirI6o+Xq7poPxfO
Score: 1/10

Target: $_108_/lang-1028.dll
Size: 27KB
MD5: de8dcf8665fbf2125e03e13fa0af7e5c
SHA1: df9f08b3f6145d30205d290e1e4c56b74bc04734
SHA256: 636075af19d92afd327fe831b28836c1fd196d10279f0fa046b6e0de870c5a0f
SHA512: 2b3283d413938db03f61cda75646f1b8aedb869240416b35501cf0079666841d1ec85e49e9c7e9c97b5415bc6de6960f6f07ed410afdade12ffd1e80ceb51a1a
SSDEEP: 384:SP3Rmn+l5vWw93L/j+RgkcRkGBPY+okbqyWa4fE+rdXDIYi0cpzuxaPxh8E9VF0i:SPBmn+fjbySXq+of9apYijuoPxWEvn
Score: 1/10

Target: $_108_/lang-1029.dll
Size: 46KB
MD5: b795c500b754cb89fa59a75e93ec2995
SHA1: 9f6b82938fdcc3d40912f8dd6b7b9c793e62a282
SHA256: c20b2fbdf7abfe43715fbd9a885e77e19048be0f6e43a68068bb72abec0d886b
SHA512: c4505108c5ad0d996d78d49b8f0909d76bee5de591c857c53700fdd022a5fffd311626d7f3624e73b982b570922d64daa72b59363a4f41e9ff97624ed442a03f
SSDEEP: 768:ePZ2yVKJqdpBXvZ1X0m04I1hGxBQmRMtzaZG2mpX9YiIPxWEgD:ePZgExpbI1EQlX97IPx0
Score: 1/10

Target: $_108_/lang-1030.dll
Size: 46KB
MD5: 44bbf13452ffb6fc77a1cab6b3eb70a3
SHA1: 2e06230f1efa667ad271898caf82925162ee4984
SHA256: dd392a083f67df1d2ecacae0131800c232040b84b5b8fce4df477a70930b4eb7
SHA512: 3ec1e86310e8ba96b992c961ffe49bcbc0ceea02ccf66ce183a429301dfd9021b953602e8880aa66c689966aaa2ca61131971612da422d4932fa2d29a30db509
SSDEEP: 768:9PSrISbuV9apL2tA6EDTo4brqXIVJpWsJlF4+wKRvo5Kw34YiX6MPxWEg7:9PXHUzouqYVJxi7Yva47pPxw
Score: 1/10

Target: $_108_/lang-1031.dll
Size: 49KB
MD5: 265be91935b61c63cba03f4b7f05cf7f
SHA1: 569a8cf145dd27a087cbf8cdedf1330b4c52659c
SHA256: 7c357f11264c03e881cd604b3e8d1d36eff1cc0bf0f9728e478b178c25a962de
SHA512: e7f204fc7806280e36bc15c7c92ad46919288848e50688d2b95ca0c8d1e65856508409ca0c28fce177ce4cb8ffa7c21c0690ba701399504d9cca6d37242d7f7b
SSDEEP: 1536:6PXVRWROry0rguqQgGHw8LZPL66mYvsGOAEYz/q4lfOVM+IgS/XW+J6ES/OepRCt:6VRWROry0rgL+Hw8LZPL66mYvsGOAEYn
Score: 1/10

Target: $_108_/lang-1032.dll
Size: 52KB
MD5: 2951aff067cebc29a13b20b921416b86
SHA1: 49c528c482ac6c48b36f5f011ea9aece7413e3eb
SHA256: bbc893ff8dd4279e7f822bd6f14c454db229cd85c09e44f45503bbe938343013
SHA512: 7a1b2c27eead257ec441be1e3028bb02c8d0248503467188b83eae9e80f12a7e888277d6f17372fc2a008fb92848ba035b3e10ed31189e914fd920f6446bc5f4
SSDEEP: 768:zPwHSM/6YQeAcdvneC11Btg4c1qJsaFKo+2BnS5pYiEBPxWEgGV:zPwHSk2ohuaFD3BnS5p7EBPxxV
Score: 1/10
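To use the per-target hashes as an IOC set on a host, the Python below (an added example, not part of the report or of tria.ge) walks a directory tree, hashes each file, and reports matches against the SHA256 values listed in the target entries, attaching the report's task score as a confidence hint: the plugin and language DLLs scored 1 to 3 out of 10, so a match on one of them alone is weak evidence, and only the installer itself (10/10) should drive a verdict. The function names, the score threshold and the "high"/"low" labels are my own choices.

```python
import hashlib
from pathlib import Path

# SHA256 values and task scores copied from this report's per-target entries.
REPORT_SHA256 = {
    "b3df198d64ba6f401611f56743bd344c1b02915f9e5d571d271ef8557feaf56c": ("rcsetup153.exe", 10),
    "e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d": ("$PLUGINSDIR/ButtonEvent.dll", 3),
    "5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079": ("$PLUGINSDIR/INetC.dll", 3),
    "8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8": ("$PLUGINSDIR/System.dll", 3),
    "e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0": ("$PLUGINSDIR/UserInfo.dll", 3),
    "d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0": ("$PLUGINSDIR/g/gcapi_dll.dll", 1),
    "56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2": ("$PLUGINSDIR/nsDialogs.dll", 3),
    "b09f1359c68947c7d13123dda3ab56360b982befb43c134be815934ed4879215": ("$_107_/$_107_/pfUI.dll", 3),
    "3986bfe961bbd9cfa4f157755aef89ee064f6dcd33419d79d8edb09d72153df7": ("$_108_/lang-1025.dll", 1),
    "a3ffcfe0a2f99be55ca688e069a401a1c662d81e103760e87bce33fe6bde6395": ("$_108_/lang-1026.dll", 1),
    "8d989a3a83df8150bead76dd49cc8c32b4242d006347061cedd06759e9e20f79": ("$_108_/lang-1027.dll", 1),
    "636075af19d92afd327fe831b28836c1fd196d10279f0fa046b6e0de870c5a0f": ("$_108_/lang-1028.dll", 1),
    "c20b2fbdf7abfe43715fbd9a885e77e19048be0f6e43a68068bb72abec0d886b": ("$_108_/lang-1029.dll", 1),
    "dd392a083f67df1d2ecacae0131800c232040b84b5b8fce4df477a70930b4eb7": ("$_108_/lang-1030.dll", 1),
    "7c357f11264c03e881cd604b3e8d1d36eff1cc0bf0f9728e478b178c25a962de": ("$_108_/lang-1031.dll", 1),
    "bbc893ff8dd4279e7f822bd6f14c454db229cd85c09e44f45503bbe938343013": ("$_108_/lang-1032.dll", 1),
}

HIGH_CONFIDENCE_SCORE = 7  # assumed threshold: only the 10/10 installer clears it


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk: int = 1 << 20) -> str:
    """Stream the file so multi-megabyte drops (pfUI.dll is 17.3MB) do not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_digest(digest: str, refs=REPORT_SHA256):
    """Map a SHA256 to (report target name, task score, confidence), or None if not in the set."""
    hit = refs.get(digest.lower())
    if hit is None:
        return None
    name, score = hit
    confidence = "high" if score >= HIGH_CONFIDENCE_SCORE else "low"
    return name, score, confidence


def sweep(root, refs=REPORT_SHA256):
    """Walk a directory tree; return [(path, name, score, confidence)] for every file in the IOC set."""
    results = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            m = match_digest(sha256_file(p), refs)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the sweep
        if m:
            results.append((str(p),) + m)
    return results


if __name__ == "__main__":
    import sys
    for row in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*row, sep="\t")
```

Run it against a user's %TEMP% and Downloads directories; a "low" row on its own means an NSIS-based installer was unpacked there, which is common, while a "high" row means the installer with this report's SHA256 is present.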
MITRE ATT&CK Enterprise v15
Each technique below is backed by one matching signature.

Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001)
- Pre-OS Boot (T1542): Bootkit (T1542.003)

Privilege Escalation
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001)

Defense Evasion
- Modify Registry (T1112)
- Pre-OS Boot (T1542): Bootkit (T1542.003)
- Subvert Trust Controls (T1553): Install Root Certificate (T1553.004)
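The mapping above lists techniques, not the events that produced them. As an added example (my code, not tria.ge's detection logic, and using an assumed generic event-record shape rather than the sandbox's real export format), the Python below classifies behavioral events into the same techniques: Run-key writes (T1547.001), raw writes to a physical drive (T1542.003), root-certificate installs via the registry or certutil (T1553.004), plus the "Enumerates connected drives" signature, which is a sandbox heuristic rather than an ATT&CK technique. The event records are constructed for the demonstration and do not come from this sample's tasks; the regular expressions are the part to reuse.

```python
import re
from collections import defaultdict

# Registry paths are matched as they appear in process-monitor style logs (HKCU\..., HKLM\...).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# A root-store install writes a Blob value under Certificates\<40-hex thumbprint>.
ROOT_CERT_RE = re.compile(r"\\SystemCertificates\\Root\\Certificates\\[0-9A-F]{40}\\", re.I)
PHYS_DRIVE_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)   # \\.\PhysicalDrive0 etc.
DRIVE_ROOT_RE = re.compile(r"^([A-Z]):\\$", re.I)                  # bare volume root such as D:\
CERTUTIL_RE = re.compile(r"certutil(\.exe)?\b.*-addstore\b.*\broot\b", re.I)


def classify(event: dict) -> list:
    """Return [(technique_id, label)] hits for one event record (assumed shape: type/pid/key/path/access/cmdline)."""
    hits = []
    kind = event.get("type")
    if kind == "registry_set":
        key = event.get("key", "")
        if RUN_KEY_RE.search(key):
            hits.append(("T1547.001", "Registry Run Keys / Startup Folder"))
        if ROOT_CERT_RE.search(key):
            hits.append(("T1553.004", "Install Root Certificate"))
    elif kind == "file_open":
        path = event.get("path", "")
        # Only a write handle on the raw device counts; read-only opens are what disk tools do.
        if PHYS_DRIVE_RE.match(path) and "write" in event.get("access", ""):
            hits.append(("T1542.003", "Bootkit (raw write to physical drive)"))
        m = DRIVE_ROOT_RE.match(path)
        if m and m.group(1).upper() != "C":
            hits.append(("drive-enum", "Enumerates connected drives"))
    elif kind == "process_create":
        if CERTUTIL_RE.search(event.get("cmdline", "")):
            hits.append(("T1553.004", "Install Root Certificate"))
    return hits


def summarize(events) -> dict:
    """Group hits by technique; value is the list of PIDs that triggered it (duplicates kept as a count)."""
    by_technique = defaultdict(list)
    for ev in events:
        for tid, label in classify(ev):
            by_technique[(tid, label)].append(ev.get("pid"))
    return dict(by_technique)


# Constructed event records for the demonstration; not exported from this sample's tasks.
SAMPLE_EVENTS = [
    {"pid": 1404, "type": "file_open", "path": "C:\\Users\\Admin\\AppData\\Local\\Temp\\plugin.dll", "access": "read"},
    {"pid": 1404, "type": "file_open", "path": "D:\\", "access": "read"},
    {"pid": 1404, "type": "file_open", "path": "E:\\", "access": "read"},
    {"pid": 1404, "type": "file_open", "path": "\\\\.\\PhysicalDrive0", "access": "read|write"},
    {"pid": 1404, "type": "registry_set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Example",
     "data": "C:\\Users\\Admin\\AppData\\Roaming\\example.exe"},
    {"pid": 2210, "type": "registry_set",
     "key": "HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\" + "A" * 40 + "\\Blob"},
    {"pid": 2210, "type": "process_create",
     "cmdline": "certutil.exe -addstore root C:\\Users\\Admin\\AppData\\Local\\Temp\\ca.cer"},
    {"pid": 2210, "type": "registry_set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
]

if __name__ == "__main__":
    for (tid, label), pids in summarize(SAMPLE_EVENTS).items():
        print(f"{tid:<10} {label:<40} pids={pids}")
```

The write-access check on the physical drive is what separates the bootkit technique from the drive-enumeration heuristic: reading D:\ or opening \\.\PhysicalDrive0 read-only is discovery, a write handle is what a sector-0 overwrite needs.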