Overview
overview: 10/10
static: 10/10
rc7/SciLexer.dll (windows7-x64): 3/10
rc7/SciLexer.dll (windows10-2004-x64): 3/10
rc7/lua5.1.dll (windows7-x64): 3/10
rc7/lua5.1.dll (windows10-2004-x64): 3/10
rc7/memcheck.dll (windows7-x64): 3/10
rc7/memcheck.dll (windows10-2004-x64): 3/10
rc7/memcheck_.dll (windows7-x64): 3/10
rc7/memcheck_.dll (windows10-2004-x64): 3/10
rc7/memchecka.dll (windows7-x64): 3/10
rc7/memchecka.dll (windows10-2004-x64): 3/10
rc7/rc7.exe (windows7-x64): 7/10
rc7/rc7.exe (windows10-2004-x64): 8/10
General
-
Target
3a8a7f8b1268cc6cf7bf7b97a2126cad2f3fa13516ebbf89936c2d146328f94a
-
Size
7.5MB
-
Sample
240721-n2jvpa1hlp
-
MD5
08439cf3032ec94989f5378ebfb0dd91
-
SHA1
a80fa9d705b7de672e6adf62720656d1f530668e
-
SHA256
3a8a7f8b1268cc6cf7bf7b97a2126cad2f3fa13516ebbf89936c2d146328f94a
-
SHA512
751ff0a4fda0439d6db823e76b98e609c3cf29cd317db74c1c54d06e28bfdae081b324076ec3f3627729c057eca82171afa302da6c0e8bf6e7802d4737d7e805
-
SSDEEP
196608:GZUGTLGBxY/geHxp6AQBENd1xeSQ1iK23TaHb7ORD49p:GZUGTLGrY/5HNQBEN5LQ1l23gvODap
Behavioral tasks
behavioral1 | Sample: rc7/SciLexer.dll | Resource: win7-20240708-en
behavioral2 | Sample: rc7/SciLexer.dll | Resource: win10v2004-20240709-en
behavioral3 | Sample: rc7/lua5.1.dll | Resource: win7-20240708-en
behavioral4 | Sample: rc7/lua5.1.dll | Resource: win10v2004-20240709-en
behavioral5 | Sample: rc7/memcheck.dll | Resource: win7-20240705-en
behavioral6 | Sample: rc7/memcheck.dll | Resource: win10v2004-20240709-en
behavioral7 | Sample: rc7/memcheck_.dll | Resource: win7-20240704-en
behavioral8 | Sample: rc7/memcheck_.dll | Resource: win10v2004-20240709-en
behavioral9 | Sample: rc7/memchecka.dll | Resource: win7-20240708-en
behavioral10 | Sample: rc7/memchecka.dll | Resource: win10v2004-20240709-en
behavioral11 | Sample: rc7/rc7.exe | Resource: win7-20240705-en
behavioral12 | Sample: rc7/rc7.exe | Resource: win10v2004-20240709-en
Malware Config
Targets
-
-
Target
rc7/SciLexer.dll
-
Size
70KB
-
MD5
d0aed298460a16c1b587875d411b0b4a
-
SHA1
f542c3c3bd06c27c70c469bcced845863b10114d
-
SHA256
e4e19790be03a782497d9ca11f74010b6a016127de984c7cb67a9ac2d04bdfb6
-
SHA512
d73bbbe77b3caf43696c1685fc89c4d0ac2f0d6e11e6d0161943a2116073cd510f5349c369e51b748ce32c07047a0308960073e5d368acc882a7397398260c92
-
SSDEEP
1536:pWAlQqfkspI8SZ/b61s0onHsgQXKZsW9QrcdKNZhn6YGxHu:pWypI8w/b6OpMgaKpQ6Kjhn6lO
-
Score
3/10
-
-
Target
rc7/lua5.1.dll
-
Size
164KB
-
MD5
ee3043c17751c763e26d03f6eebb1b8b
-
SHA1
91d52c619c561db7f678b43456a2bd500064bfb1
-
SHA256
26384c6ee7d50863e3fb65fdc1bad452d9311f34d782390401de9bb130eecc4a
-
SHA512
1ee1aefef0ace1d5fe4a5fac06d1e46e55c9a2180b98cbda540cdf4a15e5e6f17c99c473276524b10485be574032a66c34ce08a9c973e9a46c59249307dead41
-
SSDEEP
3072:PUvMMlibAYKY4rg4ODk2nCZdNcbjNXMga9j6n9aWBn:MvflibAYK/rFdwNcFI9aW
-
Score
3/10
-
-
Target
rc7/memcheck.CETRAINER
-
Size
164KB
-
MD5
ee3043c17751c763e26d03f6eebb1b8b
-
SHA1
91d52c619c561db7f678b43456a2bd500064bfb1
-
SHA256
26384c6ee7d50863e3fb65fdc1bad452d9311f34d782390401de9bb130eecc4a
-
SHA512
1ee1aefef0ace1d5fe4a5fac06d1e46e55c9a2180b98cbda540cdf4a15e5e6f17c99c473276524b10485be574032a66c34ce08a9c973e9a46c59249307dead41
-
SSDEEP
3072:PUvMMlibAYKY4rg4ODk2nCZdNcbjNXMga9j6n9aWBn:MvflibAYK/rFdwNcFI9aW
-
Score
3/10
-
-
Target
rc7/memcheck_.CEA
-
Size
164KB
-
MD5
ee3043c17751c763e26d03f6eebb1b8b
-
SHA1
91d52c619c561db7f678b43456a2bd500064bfb1
-
SHA256
26384c6ee7d50863e3fb65fdc1bad452d9311f34d782390401de9bb130eecc4a
-
SHA512
1ee1aefef0ace1d5fe4a5fac06d1e46e55c9a2180b98cbda540cdf4a15e5e6f17c99c473276524b10485be574032a66c34ce08a9c973e9a46c59249307dead41
-
SSDEEP
3072:PUvMMlibAYKY4rg4ODk2nCZdNcbjNXMga9j6n9aWBn:MvflibAYK/rFdwNcFI9aW
-
Score
3/10
-
-
Target
rc7/memchecka.CETRAINER
-
Size
164KB
-
MD5
ee3043c17751c763e26d03f6eebb1b8b
-
SHA1
91d52c619c561db7f678b43456a2bd500064bfb1
-
SHA256
26384c6ee7d50863e3fb65fdc1bad452d9311f34d782390401de9bb130eecc4a
-
SHA512
1ee1aefef0ace1d5fe4a5fac06d1e46e55c9a2180b98cbda540cdf4a15e5e6f17c99c473276524b10485be574032a66c34ce08a9c973e9a46c59249307dead41
-
SSDEEP
3072:PUvMMlibAYKY4rg4ODk2nCZdNcbjNXMga9j6n9aWBn:MvflibAYK/rFdwNcFI9aW
-
Score
3/10
-
-
Target
rc7/rc7.exe
-
Size
7.3MB
-
MD5
7d585fca62401d87f593a2ea996163ad
-
SHA1
2e140791eb076af3b7f0624b250bcb3ad602eee0
-
SHA256
896e89326155661d897a5f78e847648673aa77542c284e5876b49315dfbc8573
-
SHA512
1cad3866366608a98d18e29478cf538f61b277b6333c38ff9f1bfe2cbfd364ac92e2728a45808e1d9847413496a0fceb09453eedc4cc6c8e857927578360c610
-
SSDEEP
196608:bOYS6yOshoKMuIkhVastRL5Di3uh1D7J5:SYSDOshouIkPftRL54YRJ5
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-