General
- Target: 48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad
- Size: 2.0MB
- Sample: 240612-d7kdaszdrp
- MD5: eb45d73ec888366519cadddd38c6e79e
- SHA1: 0ad5d84271e0d44f6bcadda6a8b442e424a85823
- SHA256: 48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad
- SHA512: eb0eecb64598d703a2c77e393fd435e308c2d5c11c1af73b710783d06720f4b6577259ef6e6395d4d408424f50d078a61c0cec0b931707e534b3146e06753695
- SSDEEP: 49152:L1Rce6xE87vxpsrFpIvgV7Rlh4TrAzPYnsBYkjLRUcz:Lj4PN+TIvWOywn/4CW
Static task
- static1

Behavioral tasks (sample, resource)
- behavioral1: 48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad.exe, win7-20240221-en
- behavioral2: 48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad.exe, win10v2004-20240611-en
- behavioral3: $PLUGINSDIR/CommandLine.dll, win7-20240611-en
- behavioral4: $PLUGINSDIR/CommandLine.dll, win10v2004-20240508-en
- behavioral5: $PLUGINSDIR/DotNetZip.dll, win7-20240508-en
- behavioral6: $PLUGINSDIR/DotNetZip.dll, win10v2004-20240611-en
- behavioral7: $PLUGINSDIR/INetC.dll, win7-20240221-en
- behavioral8: $PLUGINSDIR/INetC.dll, win10v2004-20240508-en
- behavioral9: $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll, win7-20240611-en
- behavioral10: $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll, win10v2004-20240226-en
- behavioral11: $PLUGINSDIR/Newtonsoft.Json.dll, win7-20231129-en
- behavioral12: $PLUGINSDIR/Newtonsoft.Json.dll, win10v2004-20240508-en
- behavioral13: $PLUGINSDIR/OWInstaller.exe, win7-20240508-en
- behavioral14: $PLUGINSDIR/OWInstaller.exe, win10v2004-20240611-en
- behavioral15: $PLUGINSDIR/OverWolf.Client.CommonUtils.dll, win7-20240221-en
- behavioral16: $PLUGINSDIR/OverWolf.Client.CommonUtils.dll, win10v2004-20240508-en
- behavioral17: $PLUGINSDIR/SharpRaven.dll, win7-20240508-en
- behavioral18: $PLUGINSDIR/SharpRaven.dll, win10v2004-20240508-en
- behavioral19: $PLUGINSDIR/System.dll, win7-20240221-en
- behavioral20: $PLUGINSDIR/System.dll, win10v2004-20240611-en
- behavioral21: $PLUGINSDIR/UserInfo.dll, win7-20240508-en
- behavioral22: $PLUGINSDIR/UserInfo.dll, win10v2004-20240226-en
- behavioral23: $PLUGINSDIR/app/cmp.html, win7-20240221-en
- behavioral24: $PLUGINSDIR/app/cmp.html, win10v2004-20240611-en
- behavioral25: $PLUGINSDIR/app/index.html, win7-20231129-en
- behavioral26: $PLUGINSDIR/app/index.html, win10v2004-20240611-en
- behavioral27: $PLUGINSDIR/app/js/app.js, win7-20240221-en
- behavioral28: $PLUGINSDIR/app/js/app.js, win10v2004-20240611-en
- behavioral29: $PLUGINSDIR/app/js/block_inputs.js, win7-20240508-en
- behavioral30: $PLUGINSDIR/app/js/block_inputs.js, win10v2004-20240508-en
- behavioral31: $PLUGINSDIR/app/js/libs/cmp.bundle.js, win7-20240419-en
- behavioral32: $PLUGINSDIR/app/js/libs/cmp.bundle.js, win10v2004-20240508-en
Malware Config

Targets

Target: 48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad
- Size: 2.0MB
- MD5: eb45d73ec888366519cadddd38c6e79e
- SHA1: 0ad5d84271e0d44f6bcadda6a8b442e424a85823
- SHA256: 48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad
- SHA512: eb0eecb64598d703a2c77e393fd435e308c2d5c11c1af73b710783d06720f4b6577259ef6e6395d4d408424f50d078a61c0cec0b931707e534b3146e06753695
- SSDEEP: 49152:L1Rce6xE87vxpsrFpIvgV7Rlh4TrAzPYnsBYkjLRUcz:Lj4PN+TIvWOywn/4CW
- Score: 8/10
- Signatures:
  - Downloads MZ/PE file
  - Checks computer location settings (looks up country code configured in the registry, likely geofence)
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Drops file in System32 directory
Target: $PLUGINSDIR/CommandLine.dll
- Size: 68KB
- MD5: 77eecb33d25e45b3f66aea548fe0e0b4
- SHA1: c12762c606398ab74a80bd7ff2af487b8c31f81a
- SHA256: 2d8c7e423c65325e4d170d3762eaad3ae36dbdf1a92b8b87b6f6e6f5c0e7a978
- SHA512: b6b73dae952cbb6be2ee8f278d12120e8b83320a7b041110913000f74dcb75c7fe73d54c54af6d70e25145ed8f9d5c3dfdc13a64ffd09b1758f93f6f6a1f8f57
- SSDEEP: 1536:SZj9JT17qpL/6ePMqBNzrstoJSkrjbgbwzis3hwb7Px3hzs:Sx9JT17WPMqBNWAkbwzi7bXs
- Score: 1/10
Target: $PLUGINSDIR/DotNetZip.dll
- Size: 467KB
- MD5: 190e712f2e3b065ba3d5f63cb9b7725e
- SHA1: 75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12
- SHA256: 6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f
- SHA512: 2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02
- SSDEEP: 6144:GuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/Wo0k:UQL32ikCaUS4csRBse6sfWNk
- Score: 1/10
Target: $PLUGINSDIR/INetC.dll
- Size: 24KB
- MD5: 640bff73a5f8e37b202d911e4749b2e9
- SHA1: 9588dd7561ab7de3bca392b084bec91f3521c879
- SHA256: c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
- SHA512: 39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a
- SSDEEP: 384:wv1j9e9dEs+rN+qFLAjNXT37vYnOrvFhSL+ZwcSyekzANZBJ:w1AvEs3HBLzYn29vYh
- Score: 3/10
Target: $PLUGINSDIR/Microsoft.Win32.TaskScheduler.dll
- Size: 124KB
- MD5: cfb090f4c5e6967e72a818d28847016c
- SHA1: 0357eee58ed139a461e96b34ad468ff6c20b5997
- SHA256: cc3b06beeedba561e5be550e1e1b9325b132ca4b1ecd3eb6dd4a5a35b405dc98
- SHA512: ace08ecdb822fc5748b0af0b5e7fa9be37334182219828097ef537c8c74f0f939ddf7b974512b0ef1f44767a3b6af1753787576369e4d75af178f7975d0dc222
- SSDEEP: 3072:FBCeNh/pcfnLq3wyXYsKRNRwxz+gT37teucRpH0da1:FB/w4xQWOX1
- Score: 1/10
Target: $PLUGINSDIR/Newtonsoft.Json.dll
- Size: 692KB
- MD5: 98cbb64f074dc600b23a2ee1a0f46448
- SHA1: c5e5ec666eeb51ec15d69d27685fe50148893e34
- SHA256: 7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13
- SHA512: eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147
- SSDEEP: 12288:p9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3SH:p8m657w6ZBLmkitKqBCjC0PDgM5CH
- Score: 1/10
Target: $PLUGINSDIR/OWInstaller.exe
- Size: 325KB
- MD5: d2d62837efe824f9df4e51c3aa7da8b6
- SHA1: ca2c1f1a002d0a94d068f16ea812813acd28262a
- SHA256: 7373ae1e5aa96890b0d57a8208d69026b6dd4e6f7c96449b976b4ec723f72b32
- SHA512: 65d732a101bf9058cc89069f5ea1a8d95b7bb8c85e481180893746a0dfca587c64a1446a6dda023fca52f5cd595d4895776e16da438877caaa92be7d09cd3e59
- SSDEEP: 6144:huKDH8Zo5zUVQ5vvzL9baFoSpm9whNK632I6pbgvcp:huvGPN2oS1NRm
- Score: 5/10
- Signatures:
  - Checks computer location settings (looks up country code configured in the registry, likely geofence)
  - Drops file in System32 directory
Target: $PLUGINSDIR/OverWolf.Client.CommonUtils.dll
- Size: 576KB
- MD5: ba5b3f5dfaeebb84a8b53a3042f71e97
- SHA1: 178c530ad88a12036f07b96f85c497a201a50c96
- SHA256: 2c7a781c465d59b55847c9879b229f40dbb3f3c049c3cbe7b2a59db42ace8a15
- SHA512: e5f6022621c1504b8268832752459f0fafd01c8e19e1691b2992f046c58cbbc77f24514491ae64265e42e3017cde99b348e9ab859995b020ba06d2db373b2472
- SSDEEP: 6144:1JINuNxoOlBs/kC1SKe7shUX+IJzsuV2uhVt8YEQQ+bwfk6J6IptlzMR+wjKqfz9:1JCpNklCFk2uC/bJPjMlZlyVhk
- Score: 1/10
Target: $PLUGINSDIR/SharpRaven.dll
- Size: 80KB
- MD5: 42fcbc407c2019d4f2887935f1c1ca27
- SHA1: 1ffa364fed6c1d0d4da323267c7b3f9d5ca327a3
- SHA256: ea5d4141a5deaacc3eccd327159ebe32f31d837121146dfc1e7a0f1999f9174b
- SHA512: bac6462a5b1ce4313dbc467fb05f0f984c34caf164f61d91b8f8d61bdce0a01c41eac9ba6e3526e8641389198c6154222036b6fc74e547494c8917d109ec3da3
- SSDEEP: 1536:ea9qjviI1YjOrfRK9bvyyfpHbnzDwkN7PB3h3z:eEuqI1lRKbvyyB7nlN7z
- Score: 1/10
Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 7399323923e3946fe9140132ac388132
- SHA1: 728257d06c452449b1241769b459f091aabcffc5
- SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
- SHA512: d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
- SSDEEP: 192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
- Score: 3/10
Target: $PLUGINSDIR/UserInfo.dll
- Size: 4KB
- MD5: 9301577ff4d229347fe33259b43ef3b2
- SHA1: 5e39eb4f99920005a4b2303c8089d77f589c133d
- SHA256: 090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
- SHA512: 77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79
- Score: 3/10
Target: $PLUGINSDIR/app/cmp.html
- Size: 4KB
- MD5: 7c4c64c1c57183740825417cab13824e
- SHA1: 9d796612a9a0a0868f10f468cd929220aa9dde55
- SHA256: 10fdd5b9288580da92318e5306c753a16d97463ce9c620d90b4fd0702ff27216
- SHA512: f45295ecc4012e5016561a0e4a6aecda1dce575da85222145db8004711dcb84e6be77f002f01502866fcae6364df53254bf0d638552390f18459d360e6eaaa97
- SSDEEP: 48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP3ALcaILNt7ByBZXGz+a1K:4VLjHa2NGiivmmppLBAtFwAk5vSG
- Score: 1/10
Target: $PLUGINSDIR/app/index.html
- Size: 18KB
- MD5: d367bf95bb13abbb839927ef76618253
- SHA1: 95b95767ec022a74f4c9a6b74895557439817ac9
- SHA256: a7db7133613735b6b5c96d4ee3eb8a1630ee783dd41a81260f2461a66c3728d8
- SHA512: 98fa35e39b3dc54d410c7b4af0efe31845e195473843d2ce0e25ad4b892784a2fba6a9e99964b47a4c3c1d49bc9e839c210a73c7cc788643ef36abe8a1966952
- SSDEEP: 192:8sdqpDN4FHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJXHab4mfgJnc5wC93u8hJuM:9BaMminGV+kZf1
- Score: 1/10
Target: $PLUGINSDIR/app/js/app.js
- Size: 21KB
- MD5: 7c15ecdc0a6c4894af1ebf28e32aed6f
- SHA1: db55a0d8935fb49b9be45da4bb4ee88a5277b7db
- SHA256: 5e67c50e827ad0e651d58646ffeae6a22d6c048e34e33b5e8f1fa98a21f40eab
- SHA512: 792a28a59330c60f8769d46eb32d1e0c0ff25b27b338288eb6c6e4c7278d3c4dacd44d58bf8c5006e4b8fa5dc313ee23581d0c33e2b0696632dafd7223893472
- SSDEEP: 384:4X+acDQFcljKdZGb9plmt002wjI3A4vnzwF52xxYRifG6wXR3FGHWdXxj8T:0+acDQ+lOdEbdmKH3A4vnzIAnGifG1X+
- Score: 3/10
Target: $PLUGINSDIR/app/js/block_inputs.js
- Size: 789B
- MD5: b5b52c92b90f4283a761cb8a40860c75
- SHA1: 7212e7e566795017e179e7b9c9bf223b0cdb9ec2
- SHA256: f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544
- SHA512: 16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353
- Score: 3/10
Target: $PLUGINSDIR/app/js/libs/cmp.bundle.js
- Size: 296KB
- MD5: c3dbbd4cfe15de60c8c3606ddf9c8784
- SHA1: ef44afa8b6fb172b04aa62242b78d90b7ff34a3f
- SHA256: a1d99c498fb84e20aeffcb22e7b473fa88e2909f2b9eacdc63d8e09aa56b5aec
- SHA512: 849a71028e2db8a14178c14c05de413d23282fa49b59befddbc5279d203f27e0d2b21ee9ef43d0aa15b2c81c17d42301d52760c894b9f7ee78ddad258f31a5f9
- SSDEEP: 1536:4UGMT5RS+P8pGjQp1jdH6cArFGrgkGXZyWkNTQ+3xXtbs3Z4mSn/C595oRHQRmP8:4Ur5RFgrMcoFGrgNjkNTQ+c3nouR6TQ
- Score: 3/10
MITRE ATT&CK Enterprise v15 (technique hit counts in parentheses)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Modify Registry (2)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)