Overview
overview: 5
static: 3
VoiceChang...6).exe (windows7-x64): 5
VoiceChang...6).exe (windows10-2004-x64): 4
$8/APOConfig.exe (windows7-x64): 5
$8/APOConfig.exe (windows10-2004-x64): 5
$8/Clownfi...er.exe (windows7-x64): 5
$8/Clownfi...er.exe (windows10-2004-x64): 5
$8/ClownfshAPO64.dll (windows7-x64): 5
$8/ClownfshAPO64.dll (windows10-2004-x64): 5
$PLUGINSDI...LL.dll (windows7-x64): 3
$PLUGINSDI...LL.dll (windows10-2004-x64): 3
$PLUGINSDI...st.dll (windows7-x64): 3
$PLUGINSDI...st.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...gs.dll (windows7-x64): 3
$PLUGINSDI...gs.dll (windows10-2004-x64): 3
General
-
Target
VoiceChanger64f(1.66).exe
-
Size
1.2MB
-
Sample
240711-w2qx1a1dmd
-
MD5
271da96d964aa1b52e85553dc4da7b3a
-
SHA1
fbabee2839e973c0dc12be83d7d450a9b3bae67b
-
SHA256
38130c93482996bc6b4828242f63ec0ffb63209409cf92fc9d851f14ee18366c
-
SHA512
1b50692dc8554e30e7b37fd9d56e294deecc853fb50b4180170370232cfaca70e53f6b36098ccc11e83cea5a9707401227e54ef8fdb67aad90b73c887de49e97
-
SSDEEP
24576:JFid2uPbWDioGxBu2w+q4v9xEiGV3manbj16IKzO:HSBPi8nnmV2ann16IK
Static task
static1
Behavioral task
behavioral1
Sample
VoiceChanger64f(1.66).exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
VoiceChanger64f(1.66).exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$8/APOConfig.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$8/APOConfig.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$8/ClownfishVoiceChanger.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$8/ClownfishVoiceChanger.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$8/ClownfshAPO64.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
$8/ClownfshAPO64.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/LockedList.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/LockedList.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
VoiceChanger64f(1.66).exe
-
Size
1.2MB
-
MD5
271da96d964aa1b52e85553dc4da7b3a
-
SHA1
fbabee2839e973c0dc12be83d7d450a9b3bae67b
-
SHA256
38130c93482996bc6b4828242f63ec0ffb63209409cf92fc9d851f14ee18366c
-
SHA512
1b50692dc8554e30e7b37fd9d56e294deecc853fb50b4180170370232cfaca70e53f6b36098ccc11e83cea5a9707401227e54ef8fdb67aad90b73c887de49e97
-
SSDEEP
24576:JFid2uPbWDioGxBu2w+q4v9xEiGV3manbj16IKzO:HSBPi8nnmV2ann16IK
Score
5/10
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$8/APOConfig.exe
-
Size
195KB
-
MD5
77893038ecf3f3a96afaea9db5a8a25f
-
SHA1
c9ce77d1dfc66390392e5d415e4c349c07a4c0a6
-
SHA256
36b966087ccbb6a35dbaf7ef22725f18f62bff8cf3514c6a1f66d4ca18485824
-
SHA512
d7514d0b93224118b329a19ec28c79e83f5779af375080db2f60e2a73e7131a2769850c43a614b0071a3a265dc5745dc016f4963779730550ae49af499bb5818
-
SSDEEP
6144:9V5+hXJPAWak1DSPdAkAAKHuqBH9AOrAChfBkQULM7m:9n+pJPAWak1DS1eAKHuqBH9XfmQULF
Score
5/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$8/ClownfishVoiceChanger.exe
-
Size
805KB
-
MD5
208c37506cddf0613517488da3287d12
-
SHA1
99b918443e424af947ed10aa84fa242af70ca856
-
SHA256
d29a8c5ad1704c7fbe0e24fadf4a8a1dabe441c84f9dfe4359755cc76c148a61
-
SHA512
0318dd9ecf5d41504f60fc0f71ac306cafbfb75808c7597a2ab3b745a487d042371fe5c159e42f0a431a29820e4e164e43e78673eb12124b9304adebdf5e2f65
-
SSDEEP
12288:ddCn17D4nHmjxRL7xU2ZlHIue0FZFVo0iV3NnKX2:dsn134nHkl7tZlHIueAZnQpE2
Score
5/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$8/ClownfshAPO64.dll
-
Size
346KB
-
MD5
2615829ece553a2aac5f9a03cfcacac2
-
SHA1
4f271a3d659b4c41ae4b578afe3ce34df4d6a1e7
-
SHA256
2bc1826abffe6bd74c7352607ed15e7b37c205060a8c27c10bf205b067be380f
-
SHA512
30c3a462604425b4eb20e5732dc519f9a36b77c6c54f26d9a36995631f6222cfbe37a6b2363d68f9956ed5fe2c4323f8051b2cac6acd9c1dc2b3daaac31e4c8f
-
SSDEEP
6144:XFaPoCUb5nttyhD5Axo3J1+neolsX4m9V5CQVRpKsVjJfuslgH:XkPQb/S6KOeolsXPvUCJU
Score
5/10
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
4KB
-
MD5
99f345cf51b6c3c317d20a81acb11012
-
SHA1
b3d0355f527c536ea14a8ff51741c8739d66f727
-
SHA256
c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93
-
SHA512
937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef
Score
3/10
-
-
-
Target
$PLUGINSDIR/LockedList.dll
-
Size
27KB
-
MD5
a1ac202541aeb73245d9caedca1c9577
-
SHA1
d30dc312d5394f5cde418560bb2e0b6e46f4f7d6
-
SHA256
7f150baffafedd777ae27ad7d9782f4e804653068053102e55c8438230e65868
-
SHA512
73e641317b7c16f4f3f8c2786897bac8891065b7f877af3c0892ba222ea4737679096cd9241e0225b85ceb8a1a3d6b9b7016ed016f83ca3d05a2aa33d6cc5913
-
SSDEEP
768:4yINiCg6KMSMfnYRLYpZjS17JShksxagf6qg:hxap6HhJSfxbZ
Score
3/10
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
56a321bd011112ec5d8a32b2f6fd3231
-
SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78
-
SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
-
SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
SSDEEP
192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score
3/10
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
f832e4279c8ff9029b94027803e10e1b
-
SHA1
134ff09f9c70999da35e73f57b70522dc817e681
-
SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
-
SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
SSDEEP
96:ytJ6tC4jcY5rKhkfL9SYdKkcxM2DjDf3GEfKvBKav+Yx4yndY7ndS27gA:yyj6QS8HREf+BYYxbdqn420
Score
3/10