General
-
Target
__x64___setup___x32__.zip
-
Size
25.4MB
-
Sample
240615-qwgt9awemn
-
MD5
097e961e9ccbe1766b734b46cec81f14
-
SHA1
7b0fda0b75e91e58c8508f7ab7cfbd9010c0d395
-
SHA256
2320c375aadfdebcb1c40724ff1ba4dc129fc6b5b4a9d24488ac9750473055d6
-
SHA512
b78efeb0a412366873f5d72b46291b6593eb9d0ccf4dfb1519391e52870b3f79a25ab9bd962ca3b16b38f1e44e50be9eb4848c8c750dab07100dd579050a1e4c
-
SSDEEP
786432:yxsXSg6Hse+ngRhDKWGHfnXGO97bzgFiqeg8nYtgO:yxkSg1tngRhDnoP2O97bzgFb8MP
Static task
static1
Behavioral task
behavioral1
Sample
TapiSysprep/TapiSysprep.dll
Resource
win11-20240611-en
Behavioral task
behavioral2
Sample
TapiSysprep/netprofm.dll
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
TapiSysprep/rpcnsh.dll
Resource
win11-20240611-en
Behavioral task
behavioral4
Sample
TapiSysprep/socialapis.dll
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
acledit/BluetoothApis.dll
Resource
win11-20240508-en
Behavioral task
behavioral6
Sample
acledit/DevDispItemProvider.dll
Resource
win11-20240419-en
Behavioral task
behavioral7
Sample
acledit/acledit.dll
Resource
win11-20240611-en
Behavioral task
behavioral8
Sample
acledit/printui.dll
Resource
win11-20240611-en
Behavioral task
behavioral9
Sample
dsreg/dcntel.dll
Resource
win11-20240508-en
Behavioral task
behavioral10
Sample
dsreg/dsound.dll
Resource
win11-20240611-en
Behavioral task
behavioral11
Sample
dsreg/dsreg.dll
Resource
win11-20240611-en
Behavioral task
behavioral12
Sample
dsreg/sensrsvc.dll
Resource
win11-20240611-en
Behavioral task
behavioral13
Sample
pcwum/AppxSip.dll
Resource
win11-20240508-en
Behavioral task
behavioral14
Sample
pcwum/asferror.dll
Resource
win11-20240508-en
Behavioral task
behavioral15
Sample
pcwum/pcwum.dll
Resource
win11-20240611-en
Behavioral task
behavioral16
Sample
pcwum/pdhui.dll
Resource
win11-20240508-en
Behavioral task
behavioral17
Sample
setup.msi
Resource
win11-20240611-en
Behavioral task
behavioral18
Sample
wcimage/SEMgrPS.dll
Resource
win11-20240611-en
Behavioral task
behavioral19
Sample
wcimage/SensorsApi.dll
Resource
win11-20240508-en
Behavioral task
behavioral20
Sample
wcimage/netprofmsvc.dll
Resource
win11-20240508-en
Behavioral task
behavioral21
Sample
wcimage/wcimage.dll
Resource
win11-20240419-en
Malware Config
Extracted
https://opensun.monster/25053.bs64
Targets (each file extracted from the archive is analyzed as a separate task; a score of 1/10 indicates no signatures were listed for that file when run on its own)
-
-
Target
TapiSysprep/TapiSysprep.dll
-
Size
13KB
-
MD5
960f26b09aa9002e0e1fb05a0f10f78c
-
SHA1
c578efa3870517ef5d7994081331a084bada01a1
-
SHA256
dea8d882f6492786d680ae5d94f6f107b072aed8e6ca4f968725d9752cd12d60
-
SHA512
7c1af5de3e8f1b60e02188720943d3da0de71de030d3e648b9dfc10b871fe13c73c41225556839ff4bcbff53adf71aa5cfd69fdae0a892cbbc3599cc0518f7d6
-
SSDEEP
192:/VWqpdfXRVpTkTdCk3gpKghDk8aFl0HvWOopbW:/VJpdfuTfgpqpYvWOabW
Score 1/10
-
-
Target
TapiSysprep/netprofm.dll
-
Size
225KB
-
MD5
77f52e2dd1dc997e6c533748d9f095f4
-
SHA1
39d72d89d0e88a5ff718dc318b391c258fd53509
-
SHA256
7fb531ef8583d7942efcf16d586b17e1424b548a2894ac0b6541291b38e250ce
-
SHA512
00fd5dc4a1d5d5f2bb39387cc26732fb3c370fc211887ea5df76636229c3be1d2baa46f30b732d5ea70da3e1821e4407a019437cc22bb87fac7766f2601e6b31
-
SSDEEP
3072:5pZaAxmzQ6U7RLmruZ8qBhrzZ4eXYWtQyE7D9Wr02kqvXkTtcbz0Z7:rpIzQXLCuZ8qBhCUPlXkTt4Q
Score 1/10
-
-
Target
TapiSysprep/rpcnsh.dll
-
Size
33KB
-
MD5
c5adbe46703a1db31a0c6ab7245f2da6
-
SHA1
4cc8c03ed4b9ffc2566815954771f782b922b651
-
SHA256
bff0b93f9071a867d514d6de196e1368f655bcf54d4fc1623ee043cdb1cdbd77
-
SHA512
d73821a2dca2c2f3dbef5939053d00cd89f34b437e82f0077395c8b22ac297980514241c1b5c321c2765c0aaa5c12bd0ec6460a55bc6426d2064b6f147aea085
-
SSDEEP
384:gJDA9T8UqV2bojUJvlPmMka1+02C6BkZNAM9xUFt2QiVbzBxBH/5eauCVvT0n1rg:L8U9FwE1+00BuPA45t1xZl9VvghJa
Score 1/10
-
-
Target
TapiSysprep/socialapis.dll
-
Size
142KB
-
MD5
d2c1d58bf9c0240e742e10969839ef53
-
SHA1
f67e87b2e53c712ecfb0472a2c6ee6234f1f828a
-
SHA256
387008f345ca655f9380a3e2e0ec1929a08a9bb8b452532ad2924173c5c24f2f
-
SHA512
eae61aa14836498ef3d7de5c824ad4a4de1557d077a371242a6d1a7b12a53880d3e2e6159a3f6f8bda1ad1b069d9768c9780b92a28fcf51403aee5839fcf1b25
-
SSDEEP
1536:6zZVvrXuv37p7cz3rEe5upcWmoBGOa2XXE19Mh/INEUSMWI0+EYBWUu7yd853RDZ:6HkWT0JTGOa2XXE192IVr100eyW5RDZ
Score 1/10
-
-
Target
acledit/BluetoothApis.dll
-
Size
197KB
-
MD5
4d94b748f43986885ab86ff33fad6f6a
-
SHA1
8dd07387fde4d86a1fbf2128826aa32f31d3a561
-
SHA256
ca8e99e2961492b4a0cea897aa0d4b451fdc4671ace1241395b0ae4558dc5c3a
-
SHA512
b18feab6966c394d613258c1a1a1b72fada218d6a0c6115800a0a2dd71534987ad5a9ea447d24e11746669ed58d9b8b6447e28aeacfcb2d1659c5e0f1c787aee
-
SSDEEP
3072:SE6FBbgcOp7AMD8KJIpHM24R/VT+8OLoP4xQ0BwwvHF3:J6FBkcOpDDt4MttVTxOLK4hwwvH
Score 1/10
-
-
Target
acledit/DevDispItemProvider.dll
-
Size
119KB
-
MD5
8d7ab1b071c1fb54edf629ce81acfd02
-
SHA1
4d81ace706e5f86b9400190708124a28e341039a
-
SHA256
d02ffd9efea43662b759c4862ddf378415acadbf16686e7efa56bb6449292b16
-
SHA512
714b3046a016a7a84b18757d31172657b6ff8c8ab3e241a539723af696199dba9759883e445c44455012e7260a77c76a45c4d3319c22e2bc0866f1d1185abc86
-
SSDEEP
1536:4vzHnzVRxidEI6muDDkTY3dMIm9x38zoR47JLrYEZ9AA8oo3XlrflK/Qox3SwPy5:gzHnEGdm9Zv47JLrYQ1CwPJS
Score 1/10
-
-
Target
acledit/acledit.dll
-
Size
11KB
-
MD5
7c2b65e0756e0dc59e0be5d9efd25da0
-
SHA1
f6303b5239dd8bd5153e7f7c3593cad714462373
-
SHA256
b89c8b36a4af02d835dc07b7a905e1a3f95308aac92f614810dd69eb71d9fffb
-
SHA512
3c76acd4f5963bd3ad7a14449dab8bd16e4bb6f8df01070d3907398be65be56935c8cf204fc1d47c12ce1eb5eacebc098845c6d4543189455c75f18d638f0cfa
-
SSDEEP
96:lYEn2RqMoqNGINrOp2Q96GOGZgmPlx2sVN2est7hnlCdCEW1YTWw9:iE2Qt8/9hGOG7L2WUNhnlgPW2TW
Score 1/10
-
-
Target
acledit/printui.dll
-
Size
740KB
-
MD5
39e595bd7e4e9afdb4bcd27eb7b3ca8f
-
SHA1
db8021fc9ab1dbc39e5153afc0425cd58d3a3f66
-
SHA256
286eb60f563a077a85fd4844f6454742f76761d8c1d348e202d589ebc001390d
-
SHA512
461609324bf8685202a5fada589f3aa42bcbbc1b4e3fbae17d624ef50f68db69dabf9c0d6d2ab0beba4cc378b0647dfe13f097f25c92fdb465093d0dc26f0f7e
-
SSDEEP
12288:68M6Cyn6YfWO7rs7ViwP7JOoRlkCg+wXKwrEe0JwsngNTp2ShQZxy:68zCXbOP6ViwP7JOKVx4b0JCNTkS8
Score 1/10
-
-
Target
dsreg/dcntel.dll
-
Size
768KB
-
MD5
34a0c0ceee88cc435a273253cac4ec07
-
SHA1
bf66c56aecbf52d26435ae2c85129a909dc6a8a7
-
SHA256
86eabe6da51fcf15428fd945492e27075721e3d857c987fe1a830a0f6f7dd4c6
-
SHA512
2f5d69938cfedcf5b3c5edabf181f3cdb9525e1604ec5ed262407217ad8c18dcd6e649d5ade95c9535809527a5a0c83de6f2cf9859b4dbb7047d2e86d502e1e9
-
SSDEEP
24576:LHo2SKj92XYJWOKMs8cPbM1TjRQX1cs2vbF:Lr3yM1s2vbF
Score 1/10
-
-
Target
dsreg/dsound.dll
-
Size
601KB
-
MD5
e6a43513ff267eaf7a112f94a403a5a5
-
SHA1
83f7c1ab98eac5164c9ea1ef6f78a84e55d1bc35
-
SHA256
7e7d1d2e2dca3d228a4a1c6a33885096cc884281a69963670851aa51cf093d1c
-
SHA512
b5b6e594e812eb59e356c145fee898437310f7f8eb3b3ae29dcce7c69b031f81bb6689f0b69d32a092c98dafaaa26dee4c75af6cbb6b04102829a9f1e21104a5
-
SSDEEP
12288:cyoaj7w9oRy7KL+J0vam7sKNpx15sW/azNQNkplGc:cyoaj7ZRyEvaQ/2CmX
Score 1/10
-
-
Target
dsreg/dsreg.dll
-
Size
1.3MB
-
MD5
5b6c5c26411cd43954f844d4fb4c7052
-
SHA1
25ae08d1ba263dc838032e0167c90a2fb99dec67
-
SHA256
c07f170f5e59e35778067b9681c7fe31c0155a031e699777857cf034c9bcdda8
-
SHA512
813e13e5cd9553dca3dacd1d0d4c1d33370cf50ed3b8c7e335e0d08a3dd5b4a1e4897b1efbc94f83aa6657b17fe9a435ff24e72afea65ed94145cdd0197f049a
-
SSDEEP
24576:YRVIRLu0lcAE/VOJg85uTtsGxOOfaJJ3ASAVZOxgAR6sFcp8qdtyuPW0iEpbL7eC:YRVT0TUOq85uTtJx9WdUSGeKQlW6ix
Score 1/10
-
-
Target
dsreg/sensrsvc.dll
-
Size
177KB
-
MD5
0bcffad6f3b180dd60c941b01768f733
-
SHA1
38208d521a1b1d93bd278d44f3cf86243e5a6081
-
SHA256
a0b73c1bf636f14504b69606999287b6fe148c958a4f6e31e9022ff129a048e0
-
SHA512
1cc351de4ce989a3a760fd9289fa265da4fb6b4b6dec037757c971698637ea46ffa5aae2a6e7b27774d79faa459fcf8d6fa80fade18f7437bd490b4058573627
-
SSDEEP
3072:7DVv4LAk756j4WlWM+ks7VKqTbykTXqIFWMcgiurms+alt:F4LAKVWgM+EqykTXncur5
Score 1/10
-
-
Target
pcwum/AppxSip.dll
-
Size
268KB
-
MD5
577dbb84e03e995d507840258c52913f
-
SHA1
cb1d426d26a3e966d29a6a28f94ed5273c21d759
-
SHA256
c8ed0608c107745d56fcdf34cac855602c65dc1a612c173f4057cbd30fbf2058
-
SHA512
90263941720d4498cfe588ecc7c713f04ce2431722b918859c555041be1823ace5163306c3e273e92fde0d472b3bb494acc37b26982a269116b64ed13aa396cf
-
SSDEEP
6144:cTXUiOy2C35UKI+EqJNLo/AKjJIcLIT9mAD:cTkFy2aI+FLSHjJIcsR
Score 8/10
Manipulates Digital Signatures
Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their own binary is treated as validly signed. This is a behavioral heuristic: the sample was observed touching those keys, which does not by itself prove the binary's signature was forged.
-
-
-
Target
pcwum/asferror.dll
-
Size
2KB
-
MD5
095f83f3a59c1fe3f0fe09b83fcb61bb
-
SHA1
53150630afd41a9f79a6c8ad283d26da7901d502
-
SHA256
f19af37f7a6df8bf1d1d75ad7207f2398facf275230a158c0ed16431b7d95e09
-
SHA512
7dcdb173f8f3e201ed5070f4802d44d70e580fd2cb60a9a74e8de005b86ab3b3204e9a3221ebbe64892d02232aab884fd5bba89af02cbc49f11fa77f4ef019c9
Score 1/10
-
-
Target
pcwum/pcwum.dll
-
Size
22KB
-
MD5
642d98f94f04a764b0fd6ed931ff6bb3
-
SHA1
8ae640ca0f07db4c23c3e07b12270337a921e33f
-
SHA256
e72268a93a94b68b749c146d02918635440ff8440c64bd939d9fc5f9a62e0a36
-
SHA512
ee9afb4504ffb47637960c450cef71c63e5b2de47aae1263230de3eb1f8604b47eccbde958261ffe014a564749816a1e7d72672ac3256e0693df49b6c97b2e94
-
SSDEEP
384:pWYGKlPRPSxncPF3WZ1WNhKvpdm15hRYD1IDBRJtZifl/zdi/iy:r7PRPSxBx48I1P21y
Score 1/10
-
-
Target
pcwum/pdhui.dll
-
Size
61KB
-
MD5
2b0e1517dbb0e067d82fe2d47c372a8e
-
SHA1
67a80548f78cab22cf81b93f3181d689c44b26e3
-
SHA256
6cb757959ab8200999ae91a0ccab15967fa1ed101c90de195e26397b6ef6c070
-
SHA512
576b9b8d47736939ca99adbb831758addc55e85d875f5ddfd8a5e633f58f5786b00a020f0017582e3545f110a6b730d1025685cfeec024aa837efe8f8caf48c5
-
SSDEEP
1536:7rLxh5fUGpp05BqxFGRqg8qAAjGJIBF+qU2:7r7pUGp058xNN4jGJIBF+qz
Score 1/10
-
-
Target
setup.msi
-
Size
25.2MB
-
MD5
91cc342e3d4c2a0b3f5dcd1299e03d48
-
SHA1
f907916082fb5ba69275209c4812dbd6ffb84a57
-
SHA256
82de87cc81dd7f8de02840ecdeb0c0189d01cf8128867461f877276181a10dab
-
SHA512
379c237282db87aa3fd55072d8af2a86fbe61340116027167154b4e901f05a3eef2f13b98e8037548dd1e90ee847b84c0fe217b88bfe8160841a2aa91df81f99
-
SSDEEP
393216:w+mYUMfqQYO9meWrMl0VESIjWmsKGiQaUJGUjbEHEqAMNEI2osoy/A:w+YMfqQY7briMAtsKJUJGPJNa
Score 10/10
Rhadamanthys
Rhadamanthys is an information stealer written in C++, first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
-
-
Target
wcimage/SEMgrPS.dll
-
Size
40KB
-
MD5
76e12d39f82567db28b132e245d9e3ce
-
SHA1
53cbd54614b8e21e78096d32ddebf0771b359c37
-
SHA256
5edd09d2a2e2e03ac2fa7db4c7b9f4ee300c696534788dbedaf9cee617a97ab1
-
SHA512
62de3ef3caf4997e0f1b02f5805a5da757c7506dcf5e6f93ed9870b6a53858dd24f588700dc2e6cd1d524291fb0fe1968169a52c53e9253244f7ebd633b89f4a
-
SSDEEP
384:tASguFmJEqu2MZ3RDil1jt9exCUF9n10jaTANQ+1Lxdprb4Y75WRkWmmca9pa:KK9JbyFUF910GANQ+1pgYg
Score 1/10
-
-
Target
wcimage/SensorsApi.dll
-
Size
407KB
-
MD5
e5d1e8fbabdbe5c74777d0ac4c426506
-
SHA1
bba47a9e25b32320cd1936423dbf926864bf90fd
-
SHA256
349eced0b6eeb7d3ace7259a93d30ebc2823b128be409a87a712709af9bb140c
-
SHA512
3a0f2ba991de7c3fe7af13bdf0c3edb0c847185f51731dfe28bfbe6eeaa3e0ce5346af833b950f39a46bd4d021ede71224a90592519af6d1667a8ef064c02fdc
-
SSDEEP
6144:xzEG0WxoKAQTrfBvjF8VcYGNfelNz2TgYlQhgppm739UL20KcG8ZKXvSCoV:xzEGTW3Q3FZ8ONo2TnlJppmznmK
Score 1/10
-
-
Target
wcimage/netprofmsvc.dll
-
Size
982KB
-
MD5
279099d020eef78ea58acfb29e9c7bce
-
SHA1
ad5d6f9b8852aa6d67972c426f0b17c83adf5142
-
SHA256
45901d087e5c6f36734b2c15a6a89bc699e0b7c78dc64cdc158a0fa9bc2426b8
-
SHA512
660d99d474d40aa7c74da97ac620f4ad1ff16c00513bcc4ecc892d66395247bf99ff6a2d658930a6eb81563b98c6243c1b306fe449538b359fa232c9de35b32f
-
SSDEEP
24576:hYn3DqOlLb1rdnArqhE38N7k8V4buY5AvGubu:hKthrdaq+R82buY5AvGub
Score 1/10
-
-
Target
wcimage/wcimage.dll
-
Size
133KB
-
MD5
15f2604eea46c00e3b11c50ae6fad557
-
SHA1
c498e3c70d008f7ab7dee2326bc4c7106070e58b
-
SHA256
39562e3973e08f78a4289b0120dd411c8e02afe40544ebc75515ddcf0673ccd2
-
SHA512
f921965e5b2f32a69e29d2e0b1acd6cf0720cf59cb9035d89db6ce9d6486ad83eb5c3eb5b7073767a8cea501859e2a9579d1705406b551098f3dee8d96b65f7b
-
SSDEEP
3072:uQc03QjzlDpfC3+uDQGQAOzu2IpdOcLpy:uQTqDp63px5fL
Score 1/10