Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

npp.8.6.7....64.exe

windows7-x64

5

npp.8.6.7....64.exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...al.ini

windows7-x64

1

$PLUGINSDI...al.ini

windows10-2004-x64

1

$PLUGINSDI...er.bmp

windows7-x64

3

$PLUGINSDI...er.bmp

windows10-2004-x64

7

$PLUGINSDI...rd.bmp

windows7-x64

3

$PLUGINSDI...rd.bmp

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 23:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    npp.8.6.7.Installer.x64.exe

  • Size

    4.6MB

  • MD5

    d401161afb56b8647202e031cec1ae78

  • SHA1

    6eb7ed61ccdb0bd5018271a3ec24b63b913fc281

  • SHA256

    81470eb5917705fa0df03181b8112422671842bdcec5252a7894975b38058c91

  • SHA512

    01df1134b9f4d6bb44a8f23a9ba8191dbfb20ed1eb5f249331000955f6b340b1e3e3a6c0e237456a39a712f77d90fe85fc4b946832c88fe4617e45daea9c966b

  • SSDEEP

    98304:YtvLd2AV2+xDkRCH60uSzAUc8/hx2y5ho31X9pf86Mxxik5WVzZpZvO:YtBTZFET0Jcq2Kho31Xf06MzvAF/ZG

Score
5/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\npp.8.6.7.Installer.x64.exe
    "C:\Users\Admin\AppData\Local\Temp\npp.8.6.7.Installer.x64.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
        3⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:1956
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
      2⤵
        PID:2932
      • C:\Program Files\Notepad++\notepad++.exe
        "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
        2⤵
        • Executes dropped EXE
        PID:2432
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:444
      • C:\Program Files\Notepad++\notepad++.exe
        "C:\Program Files\Notepad++\notepad++.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:328
        • C:\Program Files\Notepad++\updater\gup.exe
          "C:\Program Files\Notepad++\updater\gup.exe" -v8.67 -px64
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          PID:768

    Network

    • flag-us
      DNS
      notepad-plus-plus.org
      gup.exe
      Remote address:
      8.8.8.8:53
      Request
      notepad-plus-plus.org
      IN A
      Response
      notepad-plus-plus.org
      IN A
      91.108.100.0
    • 91.108.100.0:443
      notepad-plus-plus.org
      tls
      gup.exe
      394 B
       259 B
       5
      6
    • 127.0.0.1:49753
      gup.exe
    • 8.8.8.8:53
      notepad-plus-plus.org
      dns
      gup.exe
      67 B
       83 B
       1
      1

      DNS Request

      notepad-plus-plus.org

      DNS Response

      91.108.100.0

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Notepad++\change.log
      Filesize

      1KB

      MD5

      2070dbf01930ca2668dd4a071d751c4f

      SHA1

      7d9b4252f5a5f70c90c6aed3ce5420cb712fe233

      SHA256

      601fc25d56652661e555eaf263ad7860c75a557fb7d466adc7ad3a1541ccef68

      SHA512

      9d776bc90e2178f4d02d939ddb6a7a0e5907868d51289c25059e005b079f493c114c94a778f1d961665bdf966c1a64304fad434959d71f2e0c4ce5f1696c135d

      Download Submit

    • C:\Program Files\Notepad++\contextMenu\NppShell.dll
      Filesize

      375KB

      MD5

      201c06dc1a485f6a74b21c9b739c2eae

      SHA1

      96c1f31f32804db333148175224b453a28032d9e

      SHA256

      5b2ab24d0f1a1a9691352a467fe4aad18454408b6f7700420c578f30c46d5cbb

      SHA512

      74251b5a6d1474a04b8d85b14a8581670ffc662b6a14d23af84b53ff4bff9cefc7ffe850a4a230ae486dca89fdbe54e91339634917962544a05cbd7e3c7df70a

      Download Submit

    • C:\Program Files\Notepad++\langs.model.xml
      Filesize

      460KB

      MD5

      6dc18e98260a6d648c591200f14c9bf6

      SHA1

      c5d3343d3f91dbfe4db4abfe8ca762104b32b995

      SHA256

      e3c7749a2caf5ed7d5ad3ee5b6e341d1dcd5cbffe56d2ac9c910ee4bf7e8814e

      SHA512

      6c0fa09b4712f6aa2397927a7261a7c06fad4d528d8be1aca94bdb065614b83d070e91b484c1133bb9de9180a2f48724d5108c7e43da0aa65917cd7e543b66db

      Download Submit

    • C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
      Filesize

      208KB

      MD5

      daa999587d75d05f292c3ca30238168e

      SHA1

      3c45d0213bbd7b8e29071d5e0fd5323ee10a14a4

      SHA256

      bfc176fc4b3d1a948020000e63738ba07c75f0f6c82d9d535223f6d546ccd2dc

      SHA512

      0a0ede2687000b1b1512060bde61c26ba1c9f900d4c06df94fd7a43f904a19e521392bbdf2ec2968b281ef6852f0498c8fa3dab5ab49e9bfacbdb25899b7c194

      Download Submit

    • C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll
      Filesize

      145KB

      MD5

      8c9d93cbd75e63b81bd0b5c12f68af6d

      SHA1

      3acfeb2e7a7d72c840b0225cf6ae38550610dd02

      SHA256

      a7d6da97ed2b1ec210c9563b94ffa7d12119e9d7074873323068e712c3d36a1e

      SHA512

      db969f4af272e0dc3f6961ff7bc9c8bf3b9f252186b71456702dc582a782a30fc74dc8579554b364d000f026fb74992fd59e8e7e7142ce5ee44eaee1d8e4835e

      Download Submit

    • C:\Program Files\Notepad++\shortcuts.xml
      Filesize

      3KB

      MD5

      fb573784b83033dd4361f52006d02cb8

      SHA1

      0a2923a44ec1bd5e7e8bc7cace15857ae03bf63c

      SHA256

      37a24662cd55b627807bc2bb7cbba5bbf2abaf6da4dd7bbb949bfaa7903eae9c

      SHA512

      753b44b5e8bea858cf5cc5ddfdc38098a2f3f921949cf98706ead95bdfa1de7ab0c115e9d69237623a03c422969480204c69d3ba277141527458c68230d0c67c

      Download Submit

    • C:\Program Files\Notepad++\stylers.model.xml
      Filesize

      190KB

      MD5

      9ff5fb88c47ac8e7c99f9f340f2d909a

      SHA1

      5c4abd414ed87fc4f16eb9f9b39c690f3cd1ca22

      SHA256

      070a560ecd7ab3f787bd7674bdde50aa906e895553f07beb74fd140b193627fb

      SHA512

      8c1af565b19803ee665147ee7d5dab420f591e2faba8d7f6db95e9e9b911bdf9586fca20851f04152fe4f7c98b354e3e16f84140dcab9aac22e0b2233c4cf4fc

      Download Submit

    • C:\Program Files\Notepad++\updater\gup.exe
      Filesize

      789KB

      MD5

      7744ed6fac4775706938298f9cb5ba0d

      SHA1

      2f20777a19b81a4b37de89e4d5a9b8eda21b51a6

      SHA256

      b9c965aa538c21b4702ec7e4f3ac47fc999e1cd505d69e0896a309f7956bb351

      SHA512

      9a6d02f58367c3bb728e81566685b0292232e4cd3e5c6b4eed65928026115e7a1fe20e1248950431a5a9d0b5e477310d756f9a70b9337edebee9b2a9acae47fb

      Download Submit

    • C:\Program Files\Notepad++\updater\gup.xml
      Filesize

      4KB

      MD5

      abde55a0b1cb4a904e622c02f559dcd1

      SHA1

      1662f8445a000bbf7c61c40e39266658f169bf13

      SHA256

      92717951aae89e960b142cef3d273f104051896a3d527a78ca4a88c22b5216a5

      SHA512

      8fe75fb468f87be1153a6a0d70c0583a355f355bfe988027c88d154b500e97f2c5241d9557ebb981067205e2f23ad07b6a49c669cd3e94eaa728201173b235a0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nseEE86.tmp\ioSpecial.ini
      Filesize

      1KB

      MD5

      76e4e423b5f674721c0eb37b6d7cc067

      SHA1

      9a20e3971b41577ceb295dd963168111cd14d501

      SHA256

      2ce22575c95a60bc58c0408f973cd9b30fa2521316685c3f601c8e41a42338c3

      SHA512

      4d3ad5ecf5c3154c95fade071f9bc85db4e18f2f83c0c6d6328120c753b37bac68d48ef0f029f369df6524ba4503f3031c582ff22a471a499b7ac9287f22c61d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nseEE86.tmp\ioSpecial.ini
      Filesize

      1KB

      MD5

      e302db2fd453c0d22d5d11d3540c21ae

      SHA1

      e952d6ecb41cffca8d1e9c178af75e63c5c63502

      SHA256

      82c9c6cffbc83f467df2c25549b5a48f6deba8242bd85267ad021afff00bb284

      SHA512

      51e94d9a185e41565bb06209ed05e5467f3ddc99401222e92cc379b494847edb5a5bd374ead887b2ef7c437cc6472720c4174a24b8703348f75a09cbfa89722f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nseEE86.tmp\ioSpecial.ini
      Filesize

      1KB

      MD5

      5d8163b0a4b8bd6f44b3191115c4f12c

      SHA1

      f4691464c50c8b66c54de1e1b9a27175ab4a43ad

      SHA256

      221e89ccf37abd64189dc5f70ef0e09969abf61166c12b2842f949e051ffa318

      SHA512

      8eec1e748e36d387a45490bec043f36e827630d6ff02ed2d931b5421bafaf8250659309bf517f090560879acf79cdbd395b5cf8c4f3b1291bd0e3d6208fe7afb

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Notepad++\contextMenu.xml
      Filesize

      4KB

      MD5

      fde4cc09d1c18c6cd7c1a4878e89d27e

      SHA1

      22fba21b254fed1a60da5de2b8af3cf6e132b647

      SHA256

      43ac0b7ba9b1f91fd8d4841b8119344e6212b307a1decccf61658f31d38bb425

      SHA512

      fcc87b93cb4dd0949e82edb7d2788d7abd317f9f4c5f046ceba1cd85a64b12b29c6baba3e8646265db02a48a2dc20c3b5e893a1334d9b1e91d26692b4e9c2d29

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini
      Filesize

      646B

      MD5

      f07150054a6afff4d8e9d58899167722

      SHA1

      e092cd960ab728667d91b37d64a02d7f6821518b

      SHA256

      5b0a08439e8e93817772f84e1098f14152d9da36c2601a0600ddaae6f61359d0

      SHA512

      8c86aa4c058a8ab5fd26f21cacc8ddaffa8ce6012bb329d3c5b817da00b4b43018a575c768d1921c6eeab7537f172c7cb3de658b014365ea52fb3c87547182b9

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Notepad++\toolbarIcons.xml
      Filesize

      2KB

      MD5

      bc4b775a277672fc7edf956120576ecb

      SHA1

      fe7c2db5b4d4c5a3f5603cf56c4d71cc9ee2d71d

      SHA256

      4ec98de37193f41242c1a47507bcc4c1af555e71154f7354272bc3e664e19877

      SHA512

      f87dc3ce52831ee308fbfa2b1b94c07e2811e7028360f046e012f8ea5a8f0ebcd362de7a663dee810c3da0791474c1485b1a2626c7867e76236156b125ff39b2

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled.udl.xml
      Filesize

      6KB

      MD5

      672e6d5f89887666ec94711e442644e0

      SHA1

      8d069ae93347316eff0dcf7aff4d22da18a62af2

      SHA256

      b34fe6811dacfe49d77d434123867e866daf6e0e27387a0446887dabe8943f04

      SHA512

      8fc5e9bbe027826304fa6f329fb16e4c9e4e7a597d87e9c691ed6a9f505b7bc1967339b43c6426105432a030260b0654468ab8fcbb4312b2fb6ed6c6aa537edc

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled_DM.udl.xml
      Filesize

      6KB

      MD5

      3690cef1865e32fe6be1b2ec7656539a

      SHA1

      bc043bec63c310a60d9e242810036460c467945d

      SHA256

      e45e49f0895249d951df2c07e0f06ca1242e05c961dd921e5aa2781ae2e7ff25

      SHA512

      c2be869d96baec2018e13dcf5934dd9cf74146541e852cc2eedb4d83a8af23e2577cde7a0158fefaa11056416ff039df3a7725e320620193e9bfe72c8067c051

      Download Submit

    • \Program Files\Notepad++\notepad++.exe
      Filesize

      6.9MB

      MD5

      013dd1c256a30cc3926b828cce0ebcc9

      SHA1

      1bd408453ae299385ab0b09edc84312a8379156a

      SHA256

      86aa89aaf2b85dd3cd9482aa90411fc9176b0dd642c54c13c0e3324518f54574

      SHA512

      83b57663adc290dc97f0939485b0e46f4cb90edc3542a856a394eeaaacd9e7cf66bccdfad2de2ad9bc84954d5229fc052702ca82c29e428f689125adfa196f4f

      Download Submit

    • \Program Files\Notepad++\plugins\NppConverter\NppConverter.dll
      Filesize

      198KB

      MD5

      fe47a5394ad80794d0e5d2f4d35758d5

      SHA1

      f83b072945493899d8280bc962551c24acefd147

      SHA256

      b2a56428cfa2e9ad9f85d6832e2b5b2e1489be66806c3590d42f3d3b7c8edaff

      SHA512

      2e99f823e84945f1a8c6bd33d499d4b1d8ddcf704abf688ce350c4a7caa66608c292c549208a4942d9be7c605bda84e768dd30ee39d751d32cb29a0f490c13d4

      Download Submit

    • \Program Files\Notepad++\plugins\NppExport\NppExport.dll
      Filesize

      153KB

      MD5

      b53f287847b2657b4ab19581821db4d4

      SHA1

      bf0e5307514a29c4d7995cc7087dac83b9e37a24

      SHA256

      e14b00514a4be327622db2097c41dffd94d36f58a923cc604f680b6f7a0df726

      SHA512

      1b1638c5855743c26e7d97680c24b2b8a1d3ad0b99808dda39114a840237780379422c7e6a329135a753125a418ffd4e62d97c0564293aba3f322a2062af2b08

      Download Submit

    • \Program Files\Notepad++\updater\libcurl.dll
      Filesize

      732KB

      MD5

      a4f81a9473e13a636a23b8e84d0c63c1

      SHA1

      675f8077e38a7a72c41871627ed5f003746fb8b1

      SHA256

      eb654233b73a7031fd966068713b5f5d430242ee9c2c3b5a4a6dc0cccbb722be

      SHA512

      325f9a9e7250a42d71ccb736907c8f06774ab7eafe4c89842a585d52faffee95d6e86944c96e9e692446edf0ca17620feb7c16a6cf84af43a19851f171e54694

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nseEE86.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      d095b082b7c5ba4665d40d9c5042af6d

      SHA1

      2220277304af105ca6c56219f56f04e894b28d27

      SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

      SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nseEE86.tmp\LangDLL.dll
      Filesize

      5KB

      MD5

      50016010fb0d8db2bc4cd258ceb43be5

      SHA1

      44ba95ee12e69da72478cf358c93533a9c7a01dc

      SHA256

      32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

      SHA512

      ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nseEE86.tmp\System.dll
      Filesize

      12KB

      MD5

      4add245d4ba34b04f213409bfe504c07

      SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

      SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

      SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nseEE86.tmp\UserInfo.dll
      Filesize

      4KB

      MD5

      d458b8251443536e4a334147e0170e95

      SHA1

      ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

      SHA256

      4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

      SHA512

      6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nseEE86.tmp\nsDialogs.dll
      Filesize

      9KB

      MD5

      1d8f01a83ddd259bc339902c1d33c8f1

      SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

      SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

      SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

      Download Submit

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.