Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
371adc882c0...74.exe
windows7-x64
771adc882c0...74.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3App_Encryp...ty.exe
windows7-x64
3App_Encryp...ty.exe
windows10-2004-x64
3File/Crypt...86.dll
windows7-x64
1File/Crypt...86.dll
windows10-2004-x64
1File/runRe...it.bat
windows7-x64
3File/runRe...it.bat
windows10-2004-x64
7GXT.HttpWe...ls.dll
windows7-x64
1GXT.HttpWe...ls.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows7-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1log4net.dll
windows7-x64
1log4net.dll
windows10-2004-x64
1zxing.dll
windows7-x64
1zxing.dll
windows10-2004-x64
1Analysis
-
max time kernel
114s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
11/06/2024, 16:29
Static task
static1
Behavioral task
behavioral1
Sample
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
App_EncryptUtility.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
App_EncryptUtility.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
File/CryptoKit.SDEG.x86.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
File/CryptoKit.SDEG.x86.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
File/runReg_admin_CryptoKit.bat
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
File/runReg_admin_CryptoKit.bat
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
GXT.HttpWebRequestUtils.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
GXT.HttpWebRequestUtils.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
Newtonsoft.Json.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
log4net.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
log4net.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
zxing.dll
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
zxing.dll
Resource
win10v2004-20240426-en
General
-
Target
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe
-
Size
1.2MB
-
MD5
257e2d1def8119cf32305d0ae2248438
-
SHA1
0b66b76837f1e30621e6f58ccc508e7434e2ad21
-
SHA256
71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474
-
SHA512
68f70573882790806ebbf9d5b28dde4a097a3965afda675d61b7e87367d19b76878f22e6c05ee0a040b654f08b1f09483988e7b966a716b94d37ec678c953227
-
SSDEEP
24576:MN4PIMCCydKVsrotSJ1tyDENPkUCpNkN0e+rTnKpTfS0Zs89ak296g:8lwmKq8KtymPMk6eyTnKZfSlj0g
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
pid Process 4068 71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe 4068 71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\Users\Admin\AppData\Local\Temp\71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe"C:\Users\Admin\AppData\Local\Temp\71adc882c04d3971db6186a8630db425c571b8db6403036745e86b53bf1d3474.exe"1⤵
- Loads dropped DLL
PID:4068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:81⤵PID:3400
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15KB
MD5ece25721125d55aa26cdfe019c871476
SHA1b87685ae482553823bf95e73e790de48dc0c11ba
SHA256c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
SHA5124e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
-
Filesize
1KB
MD5647bdafa7bd2cf8750af58f935c309d5
SHA15c7917906c8adcf58d6f6289d4e3bfbf34ee3b46
SHA256408f823c814ac5746a92e7aebb3fb330a9c07470dbfa7f908291e8981f675b39
SHA51207a215668fa097d42ba93acaae766950094ef690430dfe1d7dad0ee3a217ad150081f9726dc2d7252e3d8192a43e58ba4c49ec3b07f022b5f08f95dc01a9cf47