Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

xptools690...VR.exe

windows7-x64

3

xptools690...VR.exe

windows10-2004-x64

7

xptools690...om.exe

windows7-x64

3

xptools690...om.exe

windows10-2004-x64

7

xptools690/Ratios.exe

windows7-x64

3

xptools690/Ratios.exe

windows10-2004-x64

7

xptools690...ge.exe

windows7-x64

3

xptools690...ge.exe

windows10-2004-x64

7

xptools690...es.exe

windows7-x64

3

xptools690...es.exe

windows10-2004-x64

7

xptools690...g0.dll

windows7-x64

1

xptools690...g0.dll

windows10-2004-x64

1

xptools690...g0.sys

windows7-x64

1

xptools690...g0.sys

windows10-2004-x64

1

xptools690...64.dll

windows7-x64

1

xptools690...64.dll

windows10-2004-x64

1

xptools690...64.sys

windows7-x64

1

xptools690...64.sys

windows10-2004-x64

1

xptools690...ie.exe

windows7-x64

1

xptools690...ie.exe

windows10-2004-x64

1

xptools690...32.dll

windows7-x64

8

xptools690...32.dll

windows10-2004-x64

8

xptools690...64.dll

windows7-x64

8

xptools690...64.dll

windows10-2004-x64

8

xptools690...ow.exe

windows7-x64

3

xptools690...ow.exe

windows10-2004-x64

7

xptools690...me.exe

windows7-x64

3

xptools690...me.exe

windows10-2004-x64

7

xptools690...g0.dll

windows7-x64

1

xptools690...g0.dll

windows10-2004-x64

1

xptools690...g0.sys

windows7-x64

1

xptools690...g0.sys

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d910030e1f0562ef78edc8f82d37e1d47ba9dbb7048086d857a1a633c24eb994

  • Size

    6.2MB

  • Sample

    240705-wpdrxaverg

  • MD5

    903707415741a1cd8389505d8a6ed933

  • SHA1

    6154cfa5c72d163ef81dc8bc27ab9ee3727421d6

  • SHA256

    d910030e1f0562ef78edc8f82d37e1d47ba9dbb7048086d857a1a633c24eb994

  • SHA512

    c33c7ebce51b5973eba8eb8a3107e670bb55a784b5fabbad57590259e16e42ac24b591e19f6cd568bbbbd507b3da155dc480ce717c740fa59532a45536a58bae

  • SSDEEP

    196608:xpxlfapwgdWm8jh+ChayXS1kWa/VlyMfel8ItxXWhMB:xdfaGgdWNhhafePyMfehrOMB

Score
8/10

Malware Config

Targets

    • Target

      xptools690/Heat_FIVR.exe

    • Size

      2.4MB

    • MD5

      56aa1f02f569282d1ea3e0a9d1bbdae1

    • SHA1

      e990a075c630f35d053d95d3787e97692f2a0d14

    • SHA256

      3663abf2f4a1e393c45e38df3b04658554b58375b21a979bd1d1a63b3265adb5

    • SHA512

      87f84a96332e442bf3cc16a6ec36d99e22f57ce484e72de245658ce39495d6e51dfb3cb05d899c73313572abdfbd50b11ecd129119cfdb87811f7182505ad315

    • SSDEEP

      49152:VqtWnylC3Ijydj1NiCENCkQWPIunVeXDz/Yl6ipH:U4nkC3IjyxEdtIuUzQl6ipH

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      xptools690/Heat_FIVR_Custom.exe

    • Size

      2.4MB

    • MD5

      0ad02a2d949604f3e4ba742f19fc2c8b

    • SHA1

      1b5c4f0e7e02d4a9bccf1574acb021e46f4ce6ea

    • SHA256

      f7fb769c4f5a3f99756ba77e8646fb55d41dec9d8b43ec8c55293bafe50ad5a1

    • SHA512

      460e2517322342d9e501ed95fa51dfa4ad52836680f176c7f1f3ced4c8c9f1496bfc46eeb9f6644081ac39f3d519cb16773c78ee38699411557e9948d6740729

    • SSDEEP

      49152:aLILh9IxDki/uOdSyCCVujWkEpxVeXHVl6ipH:KACxDki/6/3EpyVl6ipH

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      xptools690/Ratios.exe

    • Size

      2.4MB

    • MD5

      43fb9edad38fc4ef9664f2ed8e868234

    • SHA1

      695eafa7cc6bdf08dbbbc398d4ad4388c81b3993

    • SHA256

      b05e9cc60cf33b3deeb8a2cb6e7225bfc27af008d3c40c760f0a659141cf501c

    • SHA512

      a94d638ffed891c0659fe51f28e608cd4f8610d5d84eb07a81d5966a8dc40458da1faf8c989b0572034fe86994ecf15a47f26da2a8f24fb99ca3a56963f57ce0

    • SSDEEP

      49152:Jy0RSjPfN5mxC54ZcoDGMNYhovclcEA8Iflz/nTMtbuc:qjX54ZcoDGSLZrMtbuc

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

    • Target

      xptools690/Set_Voltage.exe

    • Size

      2.4MB

    • MD5

      76ebf11b8685dcabc5cee2aac6408f63

    • SHA1

      8b5d055d5bdd90ba8be9d91e581909fe7f60ae96

    • SHA256

      80b33300157cc46caaae628f62fb939012054b0840fecedc01af6f0e72a2ff01

    • SHA512

      67a8f7167b661da60d44c9d1b3f72f19760ea3a40adf13f7aa19fffeca24152dad38b8ad549033fc7e36637f8068a931456d308050f6a60ee7677e00a06efa4e

    • SSDEEP

      49152:ztHdisUNQruY0zG5zRiZn4IoSpCIAYEc0Q8xRml6ib+:h9yNQruYTewSEcMCl6ib+

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

    • Target

      xptools690/Specific_Cores.exe

    • Size

      2.4MB

    • MD5

      06cefb158527d1113a06da9a892b8856

    • SHA1

      3e69d34a0d27bfdab2cab81592fc917e2492e39c

    • SHA256

      c7d2904f8935cfdaefcc7af34c83c597fb392809995831b927004689c9331fc4

    • SHA512

      6d2b0b11e556cc0960052c619f88ff9495848de287a678ade80f04155b5acd81b32a3e479a3cb822b80e5a1e1804bd53186f2d30c95d6471280f42052b9767cd

    • SSDEEP

      49152:mhGMXOqGQ5QqeroAUAg+JNDBAbIGGFAyIflgUMtbuc:0BYroAUAg+O4BUMtbuc

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral10behavioral9

    • Target

      xptools690/WinRing0.dll

    • Size

      64KB

    • MD5

      3efa8f1865595ebe1dd415025bf17d8f

    • SHA1

      c37f9c5fc06bd1ee8a0a7694f378c0cdd2eb4484

    • SHA256

      8edb4338883cb12d730ea1827c8e232b4a1562e207c5af26b0d8d86e4b3f2269

    • SHA512

      49b6c8a4005f4f2b61e57d373bc74ffef715d174ed891a73502e2cc19f21c59293188cda364fe86b2bdcd1dc9d97562cf8b73449ce715ecf285c964628cd5764

    • SSDEEP

      768:hRPlqAVzcRDoomqfLYwwvI+Ps8qyOTtvPPzGVojF:jPlA0ogw+PiZtXPzNj

    Score
    1/10
    behavioral11behavioral12

    • Target

      xptools690/WinRing0.sys

    • Size

      14KB

    • MD5

      845af1ba23c8d5e64def61bcc441604c

    • SHA1

      8ac34eb21b9b38f67cd29684c45696c20ab2e75a

    • SHA256

      206ee7a7c3f4d9496f742ccb84718f556ecb4ba2a95fe7e0cdf3a003ffbe4597

    • SHA512

      0c2d625bbe5b1902cd371f4e1a3dceee6401aa9fa0b25f4720277eaaac3576c2029d7db3ae9983382e4ca8f0415ccd4b0e6c1eea864e7886276f93047258475f

    • SSDEEP

      384:zkg+wW5QDV08teHn+EgTWGYOf2OJ06dUb+m:JDV4+ECtfSJim

    Score
    1/10
    behavioral13behavioral14

    • Target

      xptools690/WinRing0x64.dll

    • Size

      61KB

    • MD5

      eb31c77ef331ec4cbf7262cda4d1233a

    • SHA1

      ffeb0f08f18a4eca1bf8c4e827f9111ae3c64716

    • SHA256

      a746fd5728e7485f741cc330a279674bc8590b1b8007d8614046c49f58698485

    • SHA512

      b1143d419e278c1b09ad5d750d5dea1fa95ffaec1c0ee7d9c0d7160929981e1b5815fd45d6e0f8ab7aff1cae4518cb4baf1ed69441a040bb584024c99aaea0d0

    • SSDEEP

      1536:7Vz2GiL9ZooLCYtdm2R6CKQlqlLLuNsCMku1fT:Pw9ZooftdLTKBLLAsCMkk

    Score
    1/10
    behavioral15behavioral16

    • Target

      xptools690/WinRing0x64.sys

    • Size

      14KB

    • MD5

      0c0195c48b6b8582fa6f6373032118da

    • SHA1

      d25340ae8e92a6d29f599fef426a2bc1b5217299

    • SHA256

      11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

    • SHA512

      ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

    • SSDEEP

      192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ

    Score
    1/10
    behavioral17behavioral18

    • Target

      xptools690/bclk_pcie.exe

    • Size

      1.8MB

    • MD5

      2795dfd7ee2acd4d4f047be481fd3258

    • SHA1

      7fbcc41f64bac21d9376f01c628522ed61b00e7a

    • SHA256

      c9c5731e871c898f4195d5e85a64c6b63bfb2153cc38b615e74e933e19445eff

    • SHA512

      00104196bfe7eafa11214cd3610bb4151088a9f5e266cd9735c5f73f25ae4dcfc9ee4fc08092be93695529b6be47e3ec25d9bb9a7ca5354d5d2c788fe243d99a

    • SSDEEP

      24576:sxldrJRZ1XydYhNakHnhZSqNXITHj8uAu+QJXRDcFLerTg3h3VuQ5iMtbA:sxldv0MVZSdTfJXRDckLMtbA

    Score
    1/10
    behavioral19behavioral20

    • Target

      xptools690/inpout32.dll

    • Size

      96KB

    • MD5

      c1ccde650bf91a3b1d07dc5494d4276f

    • SHA1

      8062e3a853769d4c8235d30b30ca97cb200b1479

    • SHA256

      01bcec6ddb4964e1f5b69ba1bd3876221d8de7ae17cacfac66f095013434a78f

    • SHA512

      83c3ad41ab7b35e7116208dbda9fc65ad6203f5922c3ec5e840b0c54c5d2c47127564c0ec88b3445d5563fa39cca0ac62a6ca5603118e317523ae822d06e897c

    • SSDEEP

      1536:o/Y+Lhxv0hDuC0+5/CH8KM3xtGQI0jqSG0jVf:ozL7E/fhtGQwSR

    Score
    8/10

    • Drops file in Drivers directory

    behavioral21behavioral22

    • Target

      xptools690/inpoutx64.dll

    • Size

      96KB

    • MD5

      ac0c3ae82ec0764c605fa59e7bf05614

    • SHA1

      3d4980be66fe424475e73c45a2d14a73ff4197f0

    • SHA256

      5f27ed4d5cd58a1ee23deeb802e09e73f3a1d884ce2135f6e827f67b171269e7

    • SHA512

      27468b3708e11bd598f0c7293f6b51e3ff2928568b174691e00067359ce76c6d1c95a51115f83fee0cccf1df58744785e0076d599f73f01f53c1b92e0a2c2fab

    • SSDEEP

      1536:Mtd/d3mXwZIBrv9aWWIRkuLoN/e9Lu1pnI0jqSG0jVG:Mz/d3mAZuv9a12V0N/e9Lu1FwSR

    Score
    8/10

    • Drops file in Drivers directory

    behavioral23behavioral24

    • Target

      xptools690/makememveryslow.exe

    • Size

      2.4MB

    • MD5

      8bcacd9a1db57bd52f7767695be20e38

    • SHA1

      70123ea48cc5f40ee252fd4a33ebd1c4a892154e

    • SHA256

      2e8b68cb04efd484b512170d8075fe5723e1dd6340b08f3fa13610fc4287bc5b

    • SHA512

      ba3293ca6649cd6e7da9dc314e19e795edfe53d7a4fbcbbfd7b2447e0033fed077be4dc2a6321e48e9c91b4248cb82aae747ac994d0d25352a2462aa72b3ad59

    • SSDEEP

      49152:CcRfGAUgTFk3Lt9UrCtxF3vbgkbFAtzw3afQi65Mtbuc:5xdFk3Lt9Umtx5a0tMtbuc

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral25behavioral26

    • Target

      xptools690/mem_time.exe

    • Size

      2.4MB

    • MD5

      6fd5a5e3dd024b12fc79133799b4c3a5

    • SHA1

      bc713bd33e4fda7036879fb052a335f4261191c2

    • SHA256

      7190bc82e72d6b4488b543ef06f6d47858a745d64084956198690e476ee07a2c

    • SHA512

      3c1b3bb306e83486e06c762cc88d894ac2a701bb2757c5fe28464cc82d84d1b036d9c79f39d4f0ef5db78ad082c3227693f165d7501395721007d8d9bbf7265e

    • SSDEEP

      49152:zv0JW+lkRcoNHnikzt+xLhrVcTxhRXcozr3afyPMtbuc:z8ZAHnikzt+xLhMOsPMtbuc

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral27behavioral28

    • Target

      xptools690/mem_valid/WinRing0.dll

    • Size

      64KB

    • MD5

      3efa8f1865595ebe1dd415025bf17d8f

    • SHA1

      c37f9c5fc06bd1ee8a0a7694f378c0cdd2eb4484

    • SHA256

      8edb4338883cb12d730ea1827c8e232b4a1562e207c5af26b0d8d86e4b3f2269

    • SHA512

      49b6c8a4005f4f2b61e57d373bc74ffef715d174ed891a73502e2cc19f21c59293188cda364fe86b2bdcd1dc9d97562cf8b73449ce715ecf285c964628cd5764

    • SSDEEP

      768:hRPlqAVzcRDoomqfLYwwvI+Ps8qyOTtvPPzGVojF:jPlA0ogw+PiZtXPzNj

    Score
    1/10
    behavioral29behavioral30

    • Target

      xptools690/mem_valid/WinRing0.sys

    • Size

      14KB

    • MD5

      845af1ba23c8d5e64def61bcc441604c

    • SHA1

      8ac34eb21b9b38f67cd29684c45696c20ab2e75a

    • SHA256

      206ee7a7c3f4d9496f742ccb84718f556ecb4ba2a95fe7e0cdf3a003ffbe4597

    • SHA512

      0c2d625bbe5b1902cd371f4e1a3dceee6401aa9fa0b25f4720277eaaac3576c2029d7db3ae9983382e4ca8f0415ccd4b0e6c1eea864e7886276f93047258475f

    • SSDEEP

      384:zkg+wW5QDV08teHn+EgTWGYOf2OJ06dUb+m:JDV4+ECtfSJim

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks