Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

48fb197c47...ad.exe

windows7-x64

8

48fb197c47...ad.exe

windows10-2004-x64

7

$PLUGINSDI...ne.dll

windows7-x64

1

$PLUGINSDI...ne.dll

windows10-2004-x64

1

$PLUGINSDI...ip.dll

windows7-x64

1

$PLUGINSDI...ip.dll

windows10-2004-x64

1

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...on.dll

windows7-x64

1

$PLUGINSDI...on.dll

windows10-2004-x64

1

$PLUGINSDI...er.exe

windows7-x64

4

$PLUGINSDI...er.exe

windows10-2004-x64

5

$PLUGINSDI...ls.dll

windows7-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

1

$PLUGINSDI...en.dll

windows7-x64

1

$PLUGINSDI...en.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...p.html

windows7-x64

1

$PLUGINSDI...p.html

windows10-2004-x64

1

$PLUGINSDI...x.html

windows7-x64

1

$PLUGINSDI...x.html

windows10-2004-x64

1

$PLUGINSDI...app.js

windows7-x64

3

$PLUGINSDI...app.js

windows10-2004-x64

3

$PLUGINSDI...uts.js

windows7-x64

3

$PLUGINSDI...uts.js

windows10-2004-x64

3

$PLUGINSDI...dle.js

windows7-x64

3

$PLUGINSDI...dle.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad

  • Size

    2.0MB

  • Sample

    240612-d7kdaszdrp

  • MD5

    eb45d73ec888366519cadddd38c6e79e

  • SHA1

    0ad5d84271e0d44f6bcadda6a8b442e424a85823

  • SHA256

    48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad

  • SHA512

    eb0eecb64598d703a2c77e393fd435e308c2d5c11c1af73b710783d06720f4b6577259ef6e6395d4d408424f50d078a61c0cec0b931707e534b3146e06753695

  • SSDEEP

    49152:L1Rce6xE87vxpsrFpIvgV7Rlh4TrAzPYnsBYkjLRUcz:Lj4PN+TIvWOywn/4CW

Score
8/10
executionpersistence

Malware Config

Targets

    • Target

      48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad

    • Size

      2.0MB

    • MD5

      eb45d73ec888366519cadddd38c6e79e

    • SHA1

      0ad5d84271e0d44f6bcadda6a8b442e424a85823

    • SHA256

      48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad

    • SHA512

      eb0eecb64598d703a2c77e393fd435e308c2d5c11c1af73b710783d06720f4b6577259ef6e6395d4d408424f50d078a61c0cec0b931707e534b3146e06753695

    • SSDEEP

      49152:L1Rce6xE87vxpsrFpIvgV7Rlh4TrAzPYnsBYkjLRUcz:Lj4PN+TIvWOywn/4CW

    Score
    8/10
    persistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/CommandLine.dll

    • Size

      68KB

    • MD5

      77eecb33d25e45b3f66aea548fe0e0b4

    • SHA1

      c12762c606398ab74a80bd7ff2af487b8c31f81a

    • SHA256

      2d8c7e423c65325e4d170d3762eaad3ae36dbdf1a92b8b87b6f6e6f5c0e7a978

    • SHA512

      b6b73dae952cbb6be2ee8f278d12120e8b83320a7b041110913000f74dcb75c7fe73d54c54af6d70e25145ed8f9d5c3dfdc13a64ffd09b1758f93f6f6a1f8f57

    • SSDEEP

      1536:SZj9JT17qpL/6ePMqBNzrstoJSkrjbgbwzis3hwb7Px3hzs:Sx9JT17WPMqBNWAkbwzi7bXs

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/DotNetZip.dll

    • Size

      467KB

    • MD5

      190e712f2e3b065ba3d5f63cb9b7725e

    • SHA1

      75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12

    • SHA256

      6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f

    • SHA512

      2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02

    • SSDEEP

      6144:GuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/Wo0k:UQL32ikCaUS4csRBse6sfWNk

    Score
    1/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      24KB

    • MD5

      640bff73a5f8e37b202d911e4749b2e9

    • SHA1

      9588dd7561ab7de3bca392b084bec91f3521c879

    • SHA256

      c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

    • SHA512

      39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

    • SSDEEP

      384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh

    Score
    3/10
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll

    • Size

      124KB

    • MD5

      cfb090f4c5e6967e72a818d28847016c

    • SHA1

      0357eee58ed139a461e96b34ad468ff6c20b5997

    • SHA256

      cc3b06beeedba561e5be550e1e1b9325b132ca4b1ecd3eb6dd4a5a35b405dc98

    • SHA512

      ace08ecdb822fc5748b0af0b5e7fa9be37334182219828097ef537c8c74f0f939ddf7b974512b0ef1f44767a3b6af1753787576369e4d75af178f7975d0dc222

    • SSDEEP

      3072:FBCeNh/pcfnLq3wyXYsKRNRwxz+gT37teucRpH0da1:FB/w4xQWOX1

    Score
    1/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/Newtonsoft.Json.dll

    • Size

      692KB

    • MD5

      98cbb64f074dc600b23a2ee1a0f46448

    • SHA1

      c5e5ec666eeb51ec15d69d27685fe50148893e34

    • SHA256

      7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

    • SHA512

      eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

    • SSDEEP

      12288:p9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3SH:p8m657w6ZBLmkitKqBCjC0PDgM5CH

    Score
    1/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/OWInstaller.exe

    • Size

      325KB

    • MD5

      d2d62837efe824f9df4e51c3aa7da8b6

    • SHA1

      ca2c1f1a002d0a94d068f16ea812813acd28262a

    • SHA256

      7373ae1e5aa96890b0d57a8208d69026b6dd4e6f7c96449b976b4ec723f72b32

    • SHA512

      65d732a101bf9058cc89069f5ea1a8d95b7bb8c85e481180893746a0dfca587c64a1446a6dda023fca52f5cd595d4895776e16da438877caaa92be7d09cd3e59

    • SSDEEP

      6144:huKDH8Zo5zUVQ5vvzL9baFoSpm9whNK632I6pbgvcp:huvGPN2oS1NRm

    Score
    5/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral13behavioral14

    • Target

      $PLUGINSDIR/OverWolf.Client.CommonUtils.dll

    • Size

      576KB

    • MD5

      ba5b3f5dfaeebb84a8b53a3042f71e97

    • SHA1

      178c530ad88a12036f07b96f85c497a201a50c96

    • SHA256

      2c7a781c465d59b55847c9879b229f40dbb3f3c049c3cbe7b2a59db42ace8a15

    • SHA512

      e5f6022621c1504b8268832752459f0fafd01c8e19e1691b2992f046c58cbbc77f24514491ae64265e42e3017cde99b348e9ab859995b020ba06d2db373b2472

    • SSDEEP

      6144:1JINuNxoOlBs/kC1SKe7shUX+IJzsuV2uhVt8YEQQ+bwfk6J6IptlzMR+wjKqfz9:1JCpNklCFk2uC/bJPjMlZlyVhk

    Score
    1/10
    behavioral15behavioral16

    • Target

      $PLUGINSDIR/SharpRaven.dll

    • Size

      80KB

    • MD5

      42fcbc407c2019d4f2887935f1c1ca27

    • SHA1

      1ffa364fed6c1d0d4da323267c7b3f9d5ca327a3

    • SHA256

      ea5d4141a5deaacc3eccd327159ebe32f31d837121146dfc1e7a0f1999f9174b

    • SHA512

      bac6462a5b1ce4313dbc467fb05f0f984c34caf164f61d91b8f8d61bdce0a01c41eac9ba6e3526e8641389198c6154222036b6fc74e547494c8917d109ec3da3

    • SSDEEP

      1536:ea9qjviI1YjOrfRK9bvyyfpHbnzDwkN7PB3h3z:eEuqI1lRKbvyyB7nlN7z

    Score
    1/10
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      7399323923e3946fe9140132ac388132

    • SHA1

      728257d06c452449b1241769b459f091aabcffc5

    • SHA256

      5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

    • SHA512

      d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

    • SSDEEP

      192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP

    Score
    3/10
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      9301577ff4d229347fe33259b43ef3b2

    • SHA1

      5e39eb4f99920005a4b2303c8089d77f589c133d

    • SHA256

      090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

    • SHA512

      77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

    Score
    3/10
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/app/cmp.html

    • Size

      4KB

    • MD5

      7c4c64c1c57183740825417cab13824e

    • SHA1

      9d796612a9a0a0868f10f468cd929220aa9dde55

    • SHA256

      10fdd5b9288580da92318e5306c753a16d97463ce9c620d90b4fd0702ff27216

    • SHA512

      f45295ecc4012e5016561a0e4a6aecda1dce575da85222145db8004711dcb84e6be77f002f01502866fcae6364df53254bf0d638552390f18459d360e6eaaa97

    • SSDEEP

      48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP3ALcaILNt7ByBZXGz+a1K:4VLjHa2NGiivmmppLBAtFwAk5vSG

    Score
    1/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/app/index.html

    • Size

      18KB

    • MD5

      d367bf95bb13abbb839927ef76618253

    • SHA1

      95b95767ec022a74f4c9a6b74895557439817ac9

    • SHA256

      a7db7133613735b6b5c96d4ee3eb8a1630ee783dd41a81260f2461a66c3728d8

    • SHA512

      98fa35e39b3dc54d410c7b4af0efe31845e195473843d2ce0e25ad4b892784a2fba6a9e99964b47a4c3c1d49bc9e839c210a73c7cc788643ef36abe8a1966952

    • SSDEEP

      192:8sdqpDN4FHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJXHab4mfgJnc5wC93u8hJuM:9BaMminGV+kZf1

    Score
    1/10
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/app/js/app.js

    • Size

      21KB

    • MD5

      7c15ecdc0a6c4894af1ebf28e32aed6f

    • SHA1

      db55a0d8935fb49b9be45da4bb4ee88a5277b7db

    • SHA256

      5e67c50e827ad0e651d58646ffeae6a22d6c048e34e33b5e8f1fa98a21f40eab

    • SHA512

      792a28a59330c60f8769d46eb32d1e0c0ff25b27b338288eb6c6e4c7278d3c4dacd44d58bf8c5006e4b8fa5dc313ee23581d0c33e2b0696632dafd7223893472

    • SSDEEP

      384:4X+acDQFcljKdZGb9plmt002wjI3A4vnzwF52xxYRifG6wXR3FGHWdXxj8T:0+acDQ+lOdEbdmKH3A4vnzIAnGifG1X+

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      $PLUGINSDIR/app/js/block_inputs.js

    • Size

      789B

    • MD5

      b5b52c92b90f4283a761cb8a40860c75

    • SHA1

      7212e7e566795017e179e7b9c9bf223b0cdb9ec2

    • SHA256

      f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

    • SHA512

      16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      $PLUGINSDIR/app/js/libs/cmp.bundle.js

    • Size

      296KB

    • MD5

      c3dbbd4cfe15de60c8c3606ddf9c8784

    • SHA1

      ef44afa8b6fb172b04aa62242b78d90b7ff34a3f

    • SHA256

      a1d99c498fb84e20aeffcb22e7b473fa88e2909f2b9eacdc63d8e09aa56b5aec

    • SHA512

      849a71028e2db8a14178c14c05de413d23282fa49b59befddbc5279d203f27e0d2b21ee9ef43d0aa15b2c81c17d42301d52760c894b9f7ee78ddad258f31a5f9

    • SSDEEP

      1536:4UGMT5RS+P8pGjQp1jdH6cArFGrgkGXZyWkNTQ+3xXtbs3Z4mSn/C595oRHQRmP8:4Ur5RFgrMcoFGrgNjkNTQ+c3nouR6TQ

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
8/10

behavioral2

persistence
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
4/10

behavioral14

persistence
Score
5/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10