Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

71adc882c0...74.exe

windows7-x64

7

71adc882c0...74.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

App_Encryp...ty.exe

windows7-x64

3

App_Encryp...ty.exe

windows10-2004-x64

3

File/Crypt...86.dll

windows7-x64

1

File/Crypt...86.dll

windows10-2004-x64

1

File/runRe...it.bat

windows7-x64

3

File/runRe...it.bat

windows10-2004-x64

7

GXT.HttpWe...ls.dll

windows7-x64

1

GXT.HttpWe...ls.dll

windows10-2004-x64

1

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

log4net.dll

windows7-x64

1

log4net.dll

windows10-2004-x64

1

zxing.dll

windows7-x64

1

zxing.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474

  • Size

    1.2MB

  • Sample

    240611-tzm28atbmf

  • MD5

    257e2d1def8119cf32305d0ae2248438

  • SHA1

    0b66b76837f1e30621e6f58ccc508e7434e2ad21

  • SHA256

    71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474

  • SHA512

    68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227

  • SSDEEP

    24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g

Score
7/10

Malware Config

Targets

    • Target

      71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474

    • Size

      1.2MB

    • MD5

      257e2d1def8119cf32305d0ae2248438

    • SHA1

      0b66b76837f1e30621e6f58ccc508e7434e2ad21

    • SHA256

      71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474

    • SHA512

      68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227

    • SSDEEP

      24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      ece25721125d55aa26cdfe019c871476

    • SHA1

      b87685ae482553823bf95e73e790de48dc0c11ba

    • SHA256

      c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

    • SHA512

      4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

    • SSDEEP

      384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    behavioral5behavioral6

    • Target

      App_EncryptUtility.exe

    • Size

      207KB

    • MD5

      2c315dde043485aed86d73b92a33c593

    • SHA1

      1ca632e820e6bec9e2c8862f7ebb72a13b448941

    • SHA256

      2e1440a7132af9c32b68b1719bbb577978a7a88b41117649b93872743f4df532

    • SHA512

      7faf926b4d562869c4e86c9ea7a7cf08504f110e423e65dae97f98e8c624a373f3d424042b6da263346ecb5ae49e408b7afb8079214809481d23bb161c6b414d

    • SSDEEP

      3072:mUW4BskUwTFmtU7BtEc/FFcVP5daEuhMQ9XhdbvJBml+br/r+rquTNu:ZWOskUwTH7Bl/FFcVGE+BmAyrVB

    Score
    3/10
    behavioral7behavioral8

    • Target

      File/CryptoKit.SDEG.x86.dll

    • Size

      1.1MB

    • MD5

      8b0b7f6b9b8df86944d0222229d68816

    • SHA1

      8c92080de0f48fd932834a76c7dc20c195320cde

    • SHA256

      7911ed26af8ad6dbc04e3cfce489c888e18724d41ff878051936bb2fde6f5ebe

    • SHA512

      1472edb3081262ef46702b13ebb8ef6bf7aeba68c2a739efa4e21b83a63a8575291d65eb94457f3fef355da57742c5976f37a1161b411e21ddb5a610b0ec623d

    • SSDEEP

      24576:dsegze2uMa6Ji9PULxI9XSFW5s0kI/xBdTlCQPb1+:jgS2NfVI9Ev0j/DdpD1+

    Score
    1/10
    behavioral10behavioral9

    • Target

      File/runReg_admin_CryptoKit.bat

    • Size

      358B

    • MD5

      b813c9f650bc28f8062a640788d589c7

    • SHA1

      99959bb6d7b00b9255d3ff7145be22669e5e92bd

    • SHA256

      0054e30f1d7d46f510cf2d91d0cbbb6d966c6e39af3fbdf90a40badee85349b3

    • SHA512

      344e0b1f986596b450613624b5e72384568a7246e77d995f85dd3dee6a7d0fab574ee8ab880fb3540703df68f7d2d6bf0b52afe899c0abb991bb4434b7ec4b34

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral11behavioral12

    • Target

      GXT.HttpWebRequestUtils.dll

    • Size

      8KB

    • MD5

      abdbfaf8c4d63d960302258b669b32a6

    • SHA1

      bfb438788d0672134a450ed1824cb9b52733f8f9

    • SHA256

      5d1586048564084fafc28f4e2f350a7930aec64c08289a84313ef0d371dd04fd

    • SHA512

      a68a27fb40cbdc0e1c964db265df0fd64ed98c7937989d3dda832a1675d61322707ceab6f058102e183383f4371041d50a8bcb0d1914f548a0f3e0d11b768b5d

    • SSDEEP

      192:t5zkBxlXJ+GScAtQX5arZacKDlItXGpcY:rmPJ+GpJarZaTGXG6Y

    Score
    1/10
    behavioral13behavioral14

    • Target

      Newtonsoft.Json.dll

    • Size

      487KB

    • MD5

      0c33e2f116aaa66d0012a8376d82ce29

    • SHA1

      81cd6b87a9f7b4a174138312986d682f464067f4

    • SHA256

      9a19ef049430af9ac49ff719cbfb73dc6c6b0d0ef53914479dd282260771518b

    • SHA512

      b19dceb47d943bcb40f185e232eb1a0f665f6b6107e6c83c0f0a1aa80013b2756c5a831f3413a4c57ca37f7ec4a95a173e1f3d67e49f1fff2071273acc538317

    • SSDEEP

      12288:f9HL2oQDZHVAagea5LShm4UYVicig0AeBeyg7:f9HaoQDZHVAdLum5cizAeBeyq

    Score
    1/10
    behavioral15behavioral16

    • Target

      log4net.dll

    • Size

      264KB

    • MD5

      2138af60b5343dd66d4a7f5d22693e19

    • SHA1

      63d59196e772434782e1f1be41f54a1b812d71e6

    • SHA256

      2a968d587e6579254446f9fbec669bdcd659e487e89256fcdf0114a55cb5b749

    • SHA512

      945d068a5d19362be133c17231b2a3cb3443212d2c3a8122080dc489d402cb6c92999be3ca26b5e228c8eb50e7cfba8f8f9daf219d78ab56c7364407385d2567

    • SSDEEP

      3072:mYomTrnlgoLHnOa7Y+YJ6IKOl3HDvdyZHHME3nY7vTSGF0MMkEn7GDRGvmJJ:mYBHpY+YPXhmHHM22vTSoXMARGv

    Score
    1/10
    behavioral17behavioral18

    • Target

      zxing.dll

    • Size

      425KB

    • MD5

      130d5eadd101a314f3a5d74686322b78

    • SHA1

      f22ebb5055eae52482d40239dc0dfd9c104b2944

    • SHA256

      659be9982584a888d05fa153feb5e4be17b3482b18f78cfc7f1d7603f4f9c11f

    • SHA512

      f0b03370ef886977e745dd1d83772b5ac743f19c0bb3a54d2db9db683a68344f36b494bd2ddedfc08c748714e392b42995019344e17577cd5b405fa9648e377f

    • SSDEEP

      6144:krXjU1R0pEaKyEgngsciV5qXJHJRjoBasQzxzbK0Ja2uiLT3pF0RaMKU5icUu:krX4tnl2zeZHPc0U0Ja2uiLT3pGRaMF

    Score
    1/10
    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Tasks