Resubmissions

26/07/2024, 09:06

240726-k2ts4ssbnb 10

20/06/2024, 20:05

240620-yts4havhph 10

General

  • Target

    GlobalProtect64.zip

  • Size

    61.4MB

  • Sample

    240726-k2ts4ssbnb

  • MD5

    d94be3b5cfe327f3fcca6ab819807555

  • SHA1

    94a0a69a771e1a869c76ce556a1d10068a916d59

  • SHA256

    67edf175321f92df454c58fc64babaf1905a2843b0fe7105a3d5c6146c0e9898

  • SHA512

    66d343c9b1dfeabf995927f83bdb44afc0ca573b7cdd3d2d289d69b46fbaafb7a7fdd147b144324f0aebc3fb32fdc6c23198b262d0956c673ab6ee19c728d887

  • SSDEEP

    1572864:gPVCf6uuQ9TRMlomJuhtkv/Tjyu9DyAH2DGpfx0:CVCf5uQdulomo8v/fn92/DMfG

Malware Config

Extracted

Rule: Java Network Launch Protocol (JNLP)
C2: $$codebase/$$codebasesuit.jnlp?whitelabel=$$whitelabel

Targets

    • Target

      GlobalProtect64/jre/bin/w2k_lsa_auth.dll

    • Size

      27KB

    • MD5

      6c0f8ac6829c84371b327665b3004ff5

    • SHA1

      59c66b5ae7686bf0683273e7b11f8ef70b5e54ae

    • SHA256

      f592de140e4db0469620270f37748aefea283ed424ca0cf3eb40eb0a3af09618

    • SHA512

      56222eeae1a724cfd11ca0c597252a41e0a42487719a640d19e652deac36a86891fbc61083f94d073d36dedb2e38d482be995632b19cb350b80d774aed8c4461

    • SSDEEP

      768:sbHCk14I6I3g9NoZTU35QUOHkbGGGGNET7T7T7T7lWa/CN7MADGghSu:Z64I6I3g9NoZTU35QUOHkbGGGGNET7Tq

    Score
    1/10
    • Target

      GlobalProtect64/jre/bin/windowsaccessbridge-64.dll

    • Size

      188KB

    • MD5

      2b18c2f9cb4bee0b1072915d459065d3

    • SHA1

      95ea66207579eb7827abdbd701b55627d335bf6c

    • SHA256

      81f7c35fc646611f1dc15b9c9ff383c0b506c7c036ae475e7f9d0fe43baa0a99

    • SHA512

      382b51a1a98dfac01af7766287adb5f75d1771a70ded33de8102223fa3636b8b8635b7893f82f342aa07d95ff100ebbd428df2ef79f05f01a927b326289e870b

    • SSDEEP

      3072:Dexwo7y6/TYzrQKGxho5kHVNaVHPG8rZEktmihVnbzutL:i6c7svExFHna1Bjy

    Score
    1/10
    • Target

      GlobalProtect64/jre/bin/zip.dll

    • Size

      79KB

    • MD5

      cae6c7fbc57396c6281587b718a7460b

    • SHA1

      6b0237b59834705fc1780754dacb8a921f1f16ad

    • SHA256

      8d72d8c3080f8bb84c5beb52e9f1a70398b5359376496ff4bf5cf99ec4384f3a

    • SHA512

      4fc222c12ccfe9dc709e60b5113ee08bdc5d319106cb8d150b836259c2eb6d98769ecb344ffc9d91a3856c05206bfe1b0281de7e6d774f4268819925755561ea

    • SSDEEP

      1536:+KFFt/zC6usMbYNMrYRy++ilIOQIOgDnToIf/aCUCzZY:+KFFt/zThWdGB+CGgTTBfSCdm

    Score
    1/10
    • Target

      GlobalProtect64/jre/lib/jrt-fs.jar

    • Size

      103KB

    • MD5

      3734e952e4d0fd7203b8e83bc4af1770

    • SHA1

      acbf50b27cdc0bca240e06ff35f02ade48c69d08

    • SHA256

      2259ea051efbbd2b607df64424795f4692e31cc1b1c81c05e147d1fb403da099

    • SHA512

      4768b4a5d29da0bebc8fc404d35216a1de1e6d1e102f13714cf7786b2ccc1c2bf345c9f77343106510adcf3f340bf71f9bf7c62c534997fc024fabebc2247e58

    • SSDEEP

      1536:/oB0aDMc6noBGjLReZtX7+3FzTlmdKTUtDSd0v+31UHK+ojbdIceZ+KCF:wB0s0z/R9lQdEjd00+ojbdi+KS

    Score
    1/10
    • Target

      GlobalProtect64/launcher.jar

    • Size

      23KB

    • MD5

      09e93b736e4d9d2755173736cbb624d0

    • SHA1

      1854bb99f9b5f985e52f5a19144d457a5c8ee7ae

    • SHA256

      d0c50063921cb382e1c0127cbdfeef29e21b4ba7ac75c3b7580a387df06f31e1

    • SHA512

      b2fac9a6574d9f30f0c1ff6a9a37b42e983184a5b9e6195455486f6a185018c06f4bcf2e7fc65a2f5a566d5a70a474231e1a54acf375fc0f75e34c09f0eb0b8e

    • SSDEEP

      384:Yx1XF0J4OYi0bRTIjXnpJUxeC3gyVItBinDJiQTxEQlHZWwuMc7Pv3/u:Yx110J4OXiWj3pJUxePinDJkQlHZWwum

    Score
    1/10
    • Target

      GlobalProtect64/lib32/RTDService.dll

    • Size

      369KB

    • MD5

      8baa5a8e8b604459e20e03b0082581b2

    • SHA1

      d2bed22b1daf721c9c7139a86cc5b9a2ad044d24

    • SHA256

      a51603844f1759649eb5401ba6a212c5bf6a69c5b8d2570a3fc3b4e97cb1adb6

    • SHA512

      663522ccc7b9b662ffc20889b58feb29e77fa3013b0f5ba296eeae97cfcf631f65394e152e83e55c0f20be9d49e5160c1d917128f13b4e8fd68e176ce37cd3f0

    • SSDEEP

      6144:xMG1oP76qPklltz/Ua8+/g6amQTiflgqkas6Tj3tHopma2iSFuwSHBLQvx:WG1oP76qPkll91D7a3iNg54Tj3tHoPZY

    Score
    3/10
    • Target

      GlobalProtect64/lib64/RTDService.dll

    • Size

      442KB

    • MD5

      7188ba7f46dbbe324472c22a814a884a

    • SHA1

      dc855cbeef47a1945baebbf1b7abe7f9ed718549

    • SHA256

      bf9b6a71f3c71ad3cbdb12f1d37cca025aafc1afc0120c783acb83e8ce54c3e5

    • SHA512

      bba1af40d5f182380e20587282e8cb037f0dbf91ec28ae2ef2f88336fa155e8dcd4e4ffe27b6a7e3b2a3be67695e1c69c1d0a37d6bf6eb4ceafbf4543095e5ca

    • SSDEEP

      6144:+mXdszM4ebIDp9FB7qJG8Ti1rrvcjr2s1Hw0q6aCxWRCmTYh5U:+g2MlbkFB7qJGZpGalR7

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      GlobalProtect64/license_en.html

    • Size

      532B

    • MD5

      461873fe67aca4fd4ab23bf0b38b6473

    • SHA1

      abbd5c231806b0cfc8d1d0c86aa3e8675692a86b

    • SHA256

      d16fec6375adf17ab7ecfc384139dbe676182fdbd53f92d84179a4d41e19affc

    • SHA512

      9d71fe4cdeb4a37754c57ed1ec3f5b2338c187216adf7e7b538573b18c579521df1918716f4fa336a835b06c1e9cb32c913de07a8d991acdbde7112ac9b255ea

    Score
    5/10
    • Drops file in System32 directory

    • Target

      GlobalProtect64/license_us_EN.html

    • Size

      1.7MB

    • MD5

      2f646fcc13c2c392c4af2f2d83a08a25

    • SHA1

      9ac5faae7de79ce79cc4d8dacc078b37c7ec8874

    • SHA256

      38ff6bcb91bd6cbceec26bc60007c60031d9f35181fbae851bd239f361cf38db

    • SHA512

      2fe323f45990398cd7bca29c43e53611c45d08ae4f146bae6afd978d1c5ee8f4c5945c146866362e474d9e3d6f2e5c4741aea8d446a157469bf2d7424b5dbe3c

    • SSDEEP

      24576:euUSd9wKpW9E/Cs5MfCG1PooH0oxc5lhH0oxc5l:+SXwKpW9E/BMfCG910om5lF0om5l

    Score
    1/10
    • Target

      GlobalProtect64/license_zh_CN.html

    • Size

      403B

    • MD5

      b44a3b3bff9b6112fd91d0044d714766

    • SHA1

      cfe32d1a1183407caa77ab5d93f2783eb746b0d7

    • SHA256

      72f47e9a733674019af0539aba9869adbb48ee0482afbd92cba05be78173d766

    • SHA512

      db63df5bbaf485fc8ec8775fe674eebd3c98c5acedd4ddad2f8ce3244edd1bf44b174826e0cbe96b557ba480ce496ff3add5b95f3e008b053d7782b422ea45ea

    Score
    5/10
    • Drops file in System32 directory

    • Target

      GlobalProtect64/license_zh_TW.html

    • Size

      403B

    • MD5

      a356a23fe603e2f25c01c8467ce1422e

    • SHA1

      ebc4dd99072be176a6ac5b521a6e6509cc281fa4

    • SHA256

      6ce092a75aed47fd71a6abbace57ee232f20c99daa0275f960d003010182df34

    • SHA512

      b57074ff838565de1081ba97333d11fdbb3e6a10fe53985743d12a7c2b4e5529ec4ad23dad07410322d5b650d69b202a868ea785ee54d706185923f88e8ff6f2

    Score
    5/10
    • Drops file in System32 directory

    • Target

      GlobalProtect64/npthinkorswim.dll

    • Size

      905KB

    • MD5

      98f22818f5536375e206ee86a5665a68

    • SHA1

      246a6abffbcd718a609eddcd7d7c916ed58c3f66

    • SHA256

      52ff17f854cd064698b54c8381bdddbe29791a9b582decbd7894fb3472cd56da

    • SHA512

      76a673757bde180c530ba4ef8b5aec9e58014596d86982d8ec62e10facf17ebc36d5bef935d248c424b36d147fca86c1b5ac033549a0c00d08c39246baa93e42

    • SSDEEP

      24576:qO3ZsjnZqTL8FRJUL+xpPNQRQa3E09kNXKM26pF7U+LFCB+WERgpeT:tXTL8a9cvU+LUkWIgpe

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      GlobalProtect64/nptossc.dll

    • Size

      904KB

    • MD5

      ba28ea3712fb6ed00f6546101ae19f90

    • SHA1

      c7b1b6db54e5ac39aa10a2c66a7aa60838482d70

    • SHA256

      54924d3439229f16b0238464a4071be467f8dc75e0e531136660502d54ab69d2

    • SHA512

      e9788733db494223959680aedd659d12880df4b4739090348bad7fd18c314d7056720a574582158c17442549e681e4fc537ccdb3e89bf123156c954245f04a72

    • SSDEEP

      24576:3EIL5yWyNdKl2dVLRdRqnmPHo6qrxqyOc+Yk/IQkLDIO2Nw/IOltx7EyP1A:gNdtbilZnDIOz/Ic7EyP1

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      GlobalProtect64/suit/1979.1.503/VeracodeAnnotations-1.2.1.jar

    • Size

      11KB

    • MD5

      2ee1616fe0fb07bfe6bf9fc7bb7e07b6

    • SHA1

      1734f1197a39fe10c581cb63dd4c58d349886096

    • SHA256

      b8a5c12ae25560c7acab9bbca3d9150d08930e9624b842e6c5d3774ab55ad30d

    • SHA512

      415479fddddc29c0e015f0c415da4a929b23ff07eda71474a3cc0e75568720925b46603ddc59ae0721298333c80c10a7d680b8c41621e63a827276a1564a6972

    • SSDEEP

      192:X1t+9O4IMx94nUPL2h0pkRy3PzVK8qp74TCV1wLkQmY4+3Swf95X+2Zfdu3C+t1e:FtsmMx94nUPL2h0+Ry/zVM74T9kQmN+v

    Score
    1/10
    • Target

      GlobalProtect64/suit/1979.1.503/jna-5.7.0.jar

    • Size

      1.6MB

    • MD5

      9407511359ce07f4f2e1bafd87f3059d

    • SHA1

      525fac90c2c6d373dc23b4aea97134f56effa6d0

    • SHA256

      2633cafdd9ce22b753d5851a2bfeac40a5bc6d2178f723583a7b476eff589e5d

    • SHA512

      15b780096df7927b1739046895738de7c6f5585668276592c6066a2ef9bb1f746c74bce89559d51ec94faa3ff18d9d9579bbd96e4f038bf5c7e9521e6e54240d

    • SSDEEP

      49152:gk20tgHQEDp7r/Z6kvMw5Y1CGHfaw9EFMTAklgShYhbtdXhzY:gj0tgwEDdZh9qHfagE6eKw7hzY

    Score
    7/10
    • Loads dropped DLL

    • Target

      GlobalProtect64/suit/1979.1.503/jna-platform-5.7.0.jar

    • Size

      1.4MB

    • MD5

      5858cfdb8ed69520f29a66a17bd3a74f

    • SHA1

      60a19c3e9114c93313d838e1f49db6c06e741891

    • SHA256

      2e25a643c6a44b13ee131bc76e4212f442faa16e507a443d2cc29732588ee3d8

    • SHA512

      0441580884dca4fb1ca54bbbc6cf1a2753b1c70d3517ed137a2c52feedd162b11690e6701142c8a06b0d3be283608e1e7aaef7a43f5127affa568a3bbd2978e7

    • SSDEEP

      24576:uTkAKtNY5zz61fUYJo7zzlXcOK84wtftONCreS0aWoTZGk4g2xzuqkVT:uoAKjY5n6CYJYML841kn0UZN4z1uxVT

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

jnlp
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

persistence, privilege_escalation
Score
5/10

behavioral14

persistence, privilege_escalation
Score
5/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
5/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
5/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
5/10

behavioral23

discovery, persistence, privilege_escalation
Score
5/10

behavioral24

discovery, persistence, privilege_escalation
Score
5/10

behavioral25

discovery, persistence, privilege_escalation
Score
5/10

behavioral26

discovery, persistence, privilege_escalation
Score
5/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
7/10

behavioral30

Score
7/10

behavioral31

Score
1/10

behavioral32

Score
1/10