Overview
overview — score 7/10
Static
static — score 3/10
71adc882c0...74.exe
windows7-x64 — score 7/10
71adc882c0...74.exe
windows10-2004-x64 — score 7/10
$PLUGINSDI...ns.dll
windows7-x64 — score 3/10
$PLUGINSDI...ns.dll
windows10-2004-x64 — score 3/10
$PLUGINSDI...em.dll
windows7-x64 — score 3/10
$PLUGINSDI...em.dll
windows10-2004-x64 — score 3/10
App_Encryp...ty.exe
windows7-x64 — score 3/10
App_Encryp...ty.exe
windows10-2004-x64 — score 3/10
File/Crypt...86.dll
windows7-x64 — score 1/10
File/Crypt...86.dll
windows10-2004-x64 — score 1/10
File/runRe...it.bat
windows7-x64 — score 3/10
File/runRe...it.bat
windows10-2004-x64 — score 7/10
GXT.HttpWe...ls.dll
windows7-x64 — score 1/10
GXT.HttpWe...ls.dll
windows10-2004-x64 — score 1/10
Newtonsoft.Json.dll
windows7-x64 — score 1/10
Newtonsoft.Json.dll
windows10-2004-x64 — score 1/10
log4net.dll
windows7-x64 — score 1/10
log4net.dll
windows10-2004-x64 — score 1/10
zxing.dll
windows7-x64 — score 1/10
zxing.dll
windows10-2004-x64 — score 1/10
General
-
Target
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
-
Size
1.2MB
-
Sample
240611-tzm28atbmf
-
MD5
257e2d1def8119cf32305d0ae2248438
-
SHA1
0b66b76837f1e30621e6f58ccc508e7434e2ad21
-
SHA256
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
-
SHA512
68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227
-
SSDEEP
24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g
Static task
static1
Behavioral task
behavioral1
Sample
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
App_EncryptUtility.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
App_EncryptUtility.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
File/CryptoKit.SDEG.x86.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
File/CryptoKit.SDEG.x86.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
File/runReg_admin_CryptoKit.bat
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
File/runReg_admin_CryptoKit.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
GXT.HttpWebRequestUtils.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
GXT.HttpWebRequestUtils.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
Newtonsoft.Json.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
log4net.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
log4net.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
zxing.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
zxing.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
-
Size
1.2MB
-
MD5
257e2d1def8119cf32305d0ae2248438
-
SHA1
0b66b76837f1e30621e6f58ccc508e7434e2ad21
-
SHA256
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
-
SHA512
68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227
-
SSDEEP
24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g
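Score: 7/10
Loads dropped DLL
Note: $PLUGINSDIR/InstallOptions.dll and $PLUGINSDIR/System.dll, listed as components of this sample, carry the standard plugin names of an NSIS installer, which loads the DLLs it drops during normal operation; this signature on its own does not establish malicious behaviour.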
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
15KB
-
MD5
ece25721125d55aa26cdfe019c871476
-
SHA1
b87685ae482553823bf95e73e790de48dc0c11ba
-
SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
-
SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
-
SSDEEP
384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score: 3/10
-
-
Target
App_EncryptUtility.exe
-
Size
207KB
-
MD5
2c315dde043485aed86d73b92a33c593
-
SHA1
1ca632e820e6bec9e2c8862f7ebb72a13b448941
-
SHA256
2e1440a7132af9c32b68b1719bbb577978a7a88b41117649b93872743f4df532
-
SHA512
7faf926b4d562869c4e86c9ea7a7cf08504f110e423e65dae97f98e8c624a373f3d424042b6da263346ecb5ae49e408b7afb8079214809481d23bb161c6b414d
-
SSDEEP
3072:mUW4BskUwTFmtU7BtEc/FFcVP5daEuhMQ9XhdbvJBml+br/r+rquTNu:ZWOskUwTH7Bl/FFcVGE+BmAyrVB
Score: 3/10
-
-
Target
File/CryptoKit.SDEG.x86.dll
-
Size
1.1MB
-
MD5
8b0b7f6b9b8df86944d0222229d68816
-
SHA1
8c92080de0f48fd932834a76c7dc20c195320cde
-
SHA256
7911ed26af8ad6dbc04e3cfce489c888e18724d41ff878051936bb2fde6f5ebe
-
SHA512
1472edb3081262ef46702b13ebb8ef6bf7aeba68c2a739efa4e21b83a63a8575291d65eb94457f3fef355da57742c5976f37a1161b411e21ddb5a610b0ec623d
-
SSDEEP
24576:dsegze2uMa6Ji9PULxI9XSFW5s0kI/xBdTlCQPb1+:jgS2NfVI9Ev0j/DdpD1+
Score: 1/10
-
-
Target
File/runReg_admin_CryptoKit.bat
-
Size
358B
-
MD5
b813c9f650bc28f8062a640788d589c7
-
SHA1
99959bb6d7b00b9255d3ff7145be22669e5e92bd
-
SHA256
0054e30f1d7d46f510cf2d91d0cbbb6d966c6e39af3fbdf90a40badee85349b3
-
SHA512
344e0b1f986596b450613624b5e72384568a7246e77d995f85dd3dee6a7d0fab574ee8ab880fb3540703df68f7d2d6bf0b52afe899c0abb991bb4434b7ec4b34
Score: 7/10
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
-
-
Target
GXT.HttpWebRequestUtils.dll
-
Size
8KB
-
MD5
abdbfaf8c4d63d960302258b669b32a6
-
SHA1
bfb438788d0672134a450ed1824cb9b52733f8f9
-
SHA256
5d1586048564084fafc28f4e2f350a7930aec64c08289a84313ef0d371dd04fd
-
SHA512
a68a27fb40cbdc0e1c964db265df0fd64ed98c7937989d3dda832a1675d61322707ceab6f058102e183383f4371041d50a8bcb0d1914f548a0f3e0d11b768b5d
-
SSDEEP
192:t5zkBxlXJ+GScAtQX5arZacKDlItXGpcY:rmPJ+GpJarZaTGXG6Y
Score: 1/10
-
-
Target
Newtonsoft.Json.dll
-
Size
487KB
-
MD5
0c33e2f116aaa66d0012a8376d82ce29
-
SHA1
81cd6b87a9f7b4a174138312986d682f464067f4
-
SHA256
9a19ef049430af9ac49ff719cbfb73dc6c6b0d0ef53914479dd282260771518b
-
SHA512
b19dceb47d943bcb40f185e232eb1a0f665f6b6107e6c83c0f0a1aa80013b2756c5a831f3413a4c57ca37f7ec4a95a173e1f3d67e49f1fff2071273acc538317
-
SSDEEP
12288:f9HL2oQDZHVAagea5LShm4UYVicig0AeBeyg7:f9HaoQDZHVAdLum5cizAeBeyq
Score: 1/10
-
-
Target
log4net.dll
-
Size
264KB
-
MD5
2138af60b5343dd66d4a7f5d22693e19
-
SHA1
63d59196e772434782e1f1be41f54a1b812d71e6
-
SHA256
2a968d587e6579254446f9fbec669bdcd659e487e89256fcdf0114a55cb5b749
-
SHA512
945d068a5d19362be133c17231b2a3cb3443212d2c3a8122080dc489d402cb6c92999be3ca26b5e228c8eb50e7cfba8f8f9daf219d78ab56c7364407385d2567
-
SSDEEP
3072:mYomTrnlgoLHnOa7Y+YJ6IKOl3HDvdyZHHME3nY7vTSGF0MMkEn7GDRGvmJJ:mYBHpY+YPXhmHHM22vTSoXMARGv
Score: 1/10
-
-
Target
zxing.dll
-
Size
425KB
-
MD5
130d5eadd101a314f3a5d74686322b78
-
SHA1
f22ebb5055eae52482d40239dc0dfd9c104b2944
-
SHA256
659be9982584a888d05fa153feb5e4be17b3482b18f78cfc7f1d7603f4f9c11f
-
SHA512
f0b03370ef886977e745dd1d83772b5ac743f19c0bb3a54d2db9db683a68344f36b494bd2ddedfc08c748714e392b42995019344e17577cd5b405fa9648e377f
-
SSDEEP
6144:krXjU1R0pEaKyEgngsciV5qXJHJRjoBasQzxzbK0Ja2uiLT3pF0RaMKU5icUu:krX4tnl2zeZHPc0U0Ja2uiLT3pGRaMF
Score: 1/10