Overview
Task (platform): score
overview: 8
static: 1
npcap-1.72.exe (windows7-x64): 8
npcap-1.72.exe (windows10-2004-x64): 8
$PLUGINSDI...ns.dll (windows7-x64): 3
$PLUGINSDI...ns.dll (windows10-2004-x64): 3
$PLUGINSDI...ll.exe (windows7-x64): 4
$PLUGINSDI...ll.exe (windows10-2004-x64): 4
$PLUGINSDI...re.dll (windows7-x64): 3
$PLUGINSDI...re.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3
NPFInstall.exe (windows7-x64): 4
NPFInstall.exe (windows10-2004-x64): 4
x64/NPFInstall.exe (windows7-x64): 4
x64/NPFInstall.exe (windows10-2004-x64): 4
General
-
Target
npcap-1.72.exe
-
Size
1.1MB
-
Sample
240805-xjwafavenm
-
MD5
cab256acf99dc6e0685c0567ea6ee658
-
SHA1
08aefa7d9a941ffe7d5c29d6b65d115109b5e2b7
-
SHA256
b0efd269d32e581da747e5050ef98d2eb91e6de9080e0918f5af85b485a4bdd1
-
SHA512
7f2147cd7d2e0e044e4e46c26df015decc4ae4c51d8500e91f1155cfe91e58c38d5f9a10710e6c70ba7ab590a4828e344ac32f28ecefaf9557429caac626af9b
-
SSDEEP
24576:uZHcNHqqSX6AQzHlPnK7N1F7nJRFoK7EjvEYwa2MVZcXxZzHN9zqn4:aTUHlPK7rFj3qK7a2MV43O
Static task
static1
Behavioral tasks
behavioral1: sample npcap-1.72.exe, resource win7-20240704-en
behavioral2: sample npcap-1.72.exe, resource win10v2004-20240802-en
behavioral3: sample $PLUGINSDIR/InstallOptions.dll, resource win7-20240705-en
behavioral4: sample $PLUGINSDIR/InstallOptions.dll, resource win10v2004-20240802-en
behavioral5: sample $PLUGINSDIR/NPFInstall.exe, resource win7-20240704-en
behavioral6: sample $PLUGINSDIR/NPFInstall.exe, resource win10v2004-20240802-en
behavioral7: sample $PLUGINSDIR/SysRestore.dll, resource win7-20240708-en
behavioral8: sample $PLUGINSDIR/SysRestore.dll, resource win10v2004-20240802-en
behavioral9: sample $PLUGINSDIR/System.dll, resource win7-20240705-en
behavioral10: sample $PLUGINSDIR/System.dll, resource win10v2004-20240802-en
behavioral11: sample $PLUGINSDIR/nsExec.dll, resource win7-20240704-en
behavioral12: sample $PLUGINSDIR/nsExec.dll, resource win10v2004-20240802-en
behavioral13: sample NPFInstall.exe, resource win7-20240704-en
behavioral14: sample NPFInstall.exe, resource win10v2004-20240802-en
behavioral15: sample x64/NPFInstall.exe, resource win7-20240704-en
behavioral16: sample x64/NPFInstall.exe, resource win10v2004-20240802-en
Malware Config
Targets
-
-
Target
npcap-1.72.exe
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can use techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
-
Drops file in System32 directory
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
22KB
-
MD5
170c17ac80215d0a377b42557252ae10
-
SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411
-
SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d
-
SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f
-
SSDEEP
384:E0C43tPegZ3eBaRwCPOYY7nNYXCA/YosaWqZmZsHLA+KhHgt:EBTgZ3eBTCmrnNAEQ1hKhHgt
Score 3/10
-
-
Target
$PLUGINSDIR/NPFInstall.exe
-
Size
252KB
-
MD5
2400a7e797e848b767848a1d1abdce9a
-
SHA1
48c5b4818bf1a349046f2066f2ace922ba7f73a8
-
SHA256
dd72fbc54a219d3a157001ff0cb55016296062f0505801529c243feecdebb879
-
SHA512
980c431685d89161fd6f8f6c459dd2f41ee79ecbb0ea48e5c29aea9763154d5685b51f9d041b2482b9636891bc1c6d6a1afffedb92364b6b09212d31a190d45d
-
SSDEEP
3072:beAvCRFO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sfG:bTCe+bM3MEU0Tjcb9rNyh/NGv
Score 4/10
-
-
Target
$PLUGINSDIR/SysRestore.dll
-
Size
12KB
-
MD5
d1a3f71186e20741b2bb0cc33ca79609
-
SHA1
b04761c0b7bc46e864a776514e4476eb372ef73c
-
SHA256
49b0450567c281494620193d0f3598bad8a474ae9910fedb161855f09a8ec1f0
-
SHA512
7eb904e4d2a6d87bccbe3e3f6562e53940195303a8024d2b0dad142a7a546b7a7a9287966e6d696246349008966349b6b56a3ce47978dedf49205bcfeb962b16
-
SSDEEP
192:Qa8pU6GVdndRqSzNJw7YUXmZscF8Bd1LAeVBZHlA6u/:upZGVdndRqSzNqZmZsHLAOhk
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
19KB
-
MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1
-
SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1
-
SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0
-
SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4
-
SSDEEP
384:u8+Qlt70Fj/lQRY/9VjjgLmqZmZsHLAMThHdjnG:uSqFjm6YLP17ThHdC
Score 3/10
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
14KB
-
MD5
f9e61a25016dcb49867477c1e71a704e
-
SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9
-
SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d
-
SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8
-
SSDEEP
192:JDkDr/HA5v6G2IElFernNQZGdHskJw7YUXmZscF8Bd1LOtNBZHld3Mu:aDrvAxnJGernNQZGdHVqZmZsHLOtLhHH
Score 3/10
-
-
Target
NPFInstall.exe
-
Size
252KB
-
MD5
2400a7e797e848b767848a1d1abdce9a
-
SHA1
48c5b4818bf1a349046f2066f2ace922ba7f73a8
-
SHA256
dd72fbc54a219d3a157001ff0cb55016296062f0505801529c243feecdebb879
-
SHA512
980c431685d89161fd6f8f6c459dd2f41ee79ecbb0ea48e5c29aea9763154d5685b51f9d041b2482b9636891bc1c6d6a1afffedb92364b6b09212d31a190d45d
-
SSDEEP
3072:beAvCRFO25maSEPJJ1SxLtfJ5OGydgzwpXzcbU0ZFoecBkB3K9GyNyOLbTOa1sfG:bTCe+bM3MEU0Tjcb9rNyh/NGv
Score 4/10
-
-
Target
x64/NPFInstall.exe
-
Size
301KB
-
MD5
69a2863281739e40702e40fde07ef72d
-
SHA1
8cf737fb5845a45445483cb1fae533c5a61da028
-
SHA256
5c2e569db9c5a978004b8fbf04ed372071ad998d759a12e5aaba470df158889e
-
SHA512
2315a4aa52f579a3633bd9c61c293b9fa78725d8331deee6ca24db70fb2565f431fc0f7f1ee84881b2e34b778ffc91c45e1b694ae517cdd266b0875e7089f178
-
SSDEEP
6144:kXsjhljsl2TL5ifT7SywFXe7Awk3VMQvOju:xjLs8H5ifHSBFO7ANF7R
Score 4/10