Overview
Overall score: 8/10
Static analysis score: 3/10
Per-task scores (task label as shown in the task tabs, platform, score):
- avg_secure...up.exe, windows7-x64: 8/10
- avg_secure...up.exe, windows10-2004-x64: 7/10
- $PLUGINSDI...ns.dll, windows7-x64: 3/10
- $PLUGINSDI...ns.dll, windows10-2004-x64: 3/10
- $PLUGINSDIR/Midex.dll, windows7-x64: 6/10
- $PLUGINSDIR/Midex.dll, windows10-2004-x64: 6/10
- $PLUGINSDIR/jsis.dll, windows7-x64: 3/10
- $PLUGINSDIR/jsis.dll, windows10-2004-x64: 3/10
- $PLUGINSDI...ON.dll, windows7-x64: 3/10
- $PLUGINSDI...ON.dll, windows10-2004-x64: 3/10
- $_106_.dll, windows7-x64: 1/10
- $_106_.dll, windows10-2004-x64: 1/10
General
Target: avg_secure_browser_setup.exe
Size: 5.8MB
Sample: 240806-tx31natfjn
MD5: 307f6d07dffc9c83b9af06a266225959
SHA1: 28f5891349c98de90d07d10da8293e3a719aaabb
SHA256: fa8064a6eca9a30e4525c9135d7ffb45a5d25dda297fa10f0e91bb721ea529f9
SHA512: d68162b2965324e10c14fbc809932e675653562225da411e95972491f3300ea63f031822b6d21aff99e3ef90fa46a626140c3c411c9a35bfc23a849b3a5b8ae6
SSDEEP: 98304:tALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDt:tAzPzgUZrt54Yj20Fk8oLEBSZRfUGT6E
Static task
- static1
Behavioral tasks (task id: sample on analysis resource)
- behavioral1: avg_secure_browser_setup.exe on win7-20240704-en
- behavioral2: avg_secure_browser_setup.exe on win10v2004-20240802-en
- behavioral3: $PLUGINSDIR/JsisPlugins.dll on win7-20240708-en
- behavioral4: $PLUGINSDIR/JsisPlugins.dll on win10v2004-20240802-en
- behavioral5: $PLUGINSDIR/Midex.dll on win7-20240704-en
- behavioral6: $PLUGINSDIR/Midex.dll on win10v2004-20240802-en
- behavioral7: $PLUGINSDIR/jsis.dll on win7-20240704-en
- behavioral8: $PLUGINSDIR/jsis.dll on win10v2004-20240802-en
- behavioral9: $PLUGINSDIR/nsJSON.dll on win7-20240705-en
- behavioral10: $PLUGINSDIR/nsJSON.dll on win10v2004-20240802-en
- behavioral11: $_106_.dll on win7-20240708-en
- behavioral12: $_106_.dll on win10v2004-20240802-en
Malware Config
Targets
Target: avg_secure_browser_setup.exe
Size: 5.8MB
MD5: 307f6d07dffc9c83b9af06a266225959
SHA1: 28f5891349c98de90d07d10da8293e3a719aaabb
SHA256: fa8064a6eca9a30e4525c9135d7ffb45a5d25dda297fa10f0e91bb721ea529f9
SHA512: d68162b2965324e10c14fbc809932e675653562225da411e95972491f3300ea63f031822b6d21aff99e3ef90fa46a626140c3c411c9a35bfc23a849b3a5b8ae6
SSDEEP: 98304:tALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDt:tAzPzgUZrt54Yj20Fk8oLEBSZRfUGT6E
Score: 8/10 (windows7-x64 task), 7/10 (windows10-2004-x64 task)
Signatures:
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence check.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks system information in the registry. System information is often read in order to detect sandboxing environments.
Reading these hits: the target is the AVG Secure Browser installer, and $PLUGINSDIR/ is the NSIS installer plugin directory (nsJSON.dll is the NSIS JSON plugin). Active Setup entries, Run keys, COM class registration, AV and Uninstall-key enumeration are routine for a browser installer, and the country-code lookup behind "Checks computer location settings" is the GeoID stored at HKCU\Control Panel\International\Geo\Nation. The "Writes to the Master Boot Record" hit, which the dropped Midex.dll also triggers on its own, should be checked against the actual disk-write event in the task report before it is read as bootkit behaviour. The 8/10 score is a signature-weighted heuristic, not a verdict; confirm each hit against the underlying registry and file events.
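The persistence signatures above (Active Setup, Run key, Image File Execution Options, COM hijacking) and the MBR write each leave an artifact in a known location on the host. The following hunt script is an added example written for this page, not code from the tria.ge report or from AVG; it assumes an elevated Windows PowerShell 5.1 or newer session and uses the standard registry and device paths for each technique, since the report does not list the concrete keys or values the sample touched.

```powershell
# Added example (editor's own hunt script, not from the tria.ge report or AVG).
# Enumerates the host-side artifacts behind the persistence signatures listed above:
# Active Setup StubPath entries, Run/RunOnce values, IFEO Debugger values, per-user
# COM CLSID registrations that shadow machine-wide ones, and a hash of MBR sector 0.
# Assumptions: Windows PowerShell 5.1+, elevated session (needed for the raw disk read).
# The registry paths are the standard locations for each technique, not values from
# the report.

$findings = New-Object 'System.Collections.Generic.List[object]'
$psNoise  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Add-Finding([string]$Technique, [string]$Location, [string]$Name, $Value) {
    $findings.Add([pscustomobject]@{
        Technique = $Technique; Location = $Location; Name = $Name; Value = [string]$Value
    })
}

# T1547.014 Active Setup: each Installed Components subkey with a StubPath is run once
# per user at logon when the HKLM entry is newer than the user's copy under HKCU.
$activeSetup = @(
    'HKLM:\Software\Microsoft\Active Setup\Installed Components',
    'HKLM:\Software\Wow6432Node\Microsoft\Active Setup\Installed Components',
    'HKCU:\Software\Microsoft\Active Setup\Installed Components'
)
foreach ($base in $activeSetup) {
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).StubPath
        if ($stub) { Add-Finding 'Active Setup' $_.PSPath 'StubPath' $stub }
    }
}

# T1547.001 Run keys: every value under Run/RunOnce is a command executed at logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($psNoise -notcontains $p.Name) { Add-Finding 'Run key' $key $p.Name $p.Value }
        }
    }
}

# T1546.012 IFEO: a Debugger value makes Windows launch that program instead of the
# named executable. Subkeys without a Debugger value are normal and are skipped.
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Add-Finding 'IFEO Debugger' $_.PSPath 'Debugger' $dbg }
}

# T1546.015 COM hijacking: HKCU\Software\Classes\CLSID is consulted before HKLM, so a
# per-user InprocServer32 that duplicates a machine-wide CLSID redirects that object.
Get-ChildItem -Path 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
    $srv = "$($_.PSPath)\InprocServer32"
    if (Test-Path -Path $srv) {
        $dll     = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
        $shadows = Test-Path -Path "HKLM:\Software\Classes\CLSID\$($_.PSChildName)"
        Add-Finding 'COM per-user CLSID' $srv 'InprocServer32' ('{0} (shadows HKLM: {1})' -f $dll, $shadows)
    }
}

# T1542.003 Bootkit: hash the first 512 bytes of the first disk for comparison with a
# known-good baseline. 4096 bytes are read so the request is aligned on 4Kn disks too.
try {
    $fs = New-Object -TypeName System.IO.FileStream -ArgumentList @(
        '\\.\PhysicalDrive0', [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    $buf = New-Object byte[] 4096
    [void]$fs.Read($buf, 0, $buf.Length)
    $fs.Dispose()
    $mbr  = [byte[]]($buf[0..511])
    $hash = ([System.Security.Cryptography.SHA256]::Create().ComputeHash($mbr) |
             ForEach-Object { $_.ToString('x2') }) -join ''
    $sig  = '{0:X2}{1:X2}' -f $mbr[510], $mbr[511]   # a valid MBR ends in 55AA
    Add-Finding 'MBR sector 0' '\\.\PhysicalDrive0' "SHA256 (boot signature $sig)" $hash
} catch {
    Add-Finding 'MBR sector 0' '\\.\PhysicalDrive0' 'error' $_.Exception.Message
}

$findings | Sort-Object -Property Technique | Format-Table -AutoSize -Wrap
```

Run it on a clean VM before and after executing the installer and diff the two tables: only new or changed rows matter, since legitimate software populates Active Setup and IFEO subkeys too, and a sector-0 hash that differs between the two runs is the concrete evidence the "Writes to the Master Boot Record" signature needs.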
Target: $PLUGINSDIR/JsisPlugins.dll
Size: 2.1MB
MD5: d21ae3f86fc69c1580175b7177484fa7
SHA1: 2ed2c1f5c92ff6daa5ea785a44a6085a105ae822
SHA256: a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450
SHA512: eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f
SSDEEP: 49152:rWUF3+DvlxaVlUj2UxF9TWkWbQWxACvRG+OZ1m/I31he2UaIyuK:rtF3+DLaVlUFWkWbQWx1JtOLm/IgaI
Score: 3/10
Target: $PLUGINSDIR/Midex.dll
Size: 126KB
MD5: 2597a829e06eb9616af49fcd8052b8bd
SHA1: 871801aba3a75f95b10701f31303de705cb0bc5a
SHA256: 7359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87
SHA512: 8e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35
SSDEEP: 3072:sACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGk:sACUTz1JlopG5K4OZgeC
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
Target: $PLUGINSDIR/jsis.dll
Size: 127KB
MD5: 2027121c3cdeb1a1f8a5f539d1fe2e28
SHA1: bcf79f49f8fc4c6049f33748ded21ec3471002c2
SHA256: 1dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1
SHA512: 5b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c
SSDEEP: 3072:d3Zk9fOAewM0+W8NVH28fB948igEWo8P+fidax:d3qNOApM1G8fBpidWZ2
Score: 3/10
Target: $PLUGINSDIR/nsJSON.dll
Size: 36KB
MD5: f840a9ddd319ee8c3da5190257abde5b
SHA1: 3e868939239a5c6ef9acae10e1af721e4f99f24b
SHA256: ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a
SHA512: 8e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a
SSDEEP: 768:91vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpjYiidWAMxkE6:91bYPHqu7EUhL27bTj7LxO
Score: 3/10
Target: $_106_
Size: 6.4MB
MD5: f40c5626532c77b9b4a6bb384db48bbe
SHA1: d3124b356f6495288fc7ff1785b1932636ba92d3
SHA256: e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f
SHA512: 8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056
SSDEEP: 98304:aTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLtwFkVg:aTvkTLVTAudcoJheBnknfFrqNXleb
Score: 1/10
MITRE ATT&CK Enterprise v15
The number in parentheses is the hit count shown for each technique; ATT&CK IDs are added for reference.
Persistence
- Boot or Logon Autostart Execution, T1547 (2)
  - Active Setup, T1547.014 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Event Triggered Execution, T1546 (2)
  - Component Object Model Hijacking, T1546.015 (1)
  - Image File Execution Options Injection, T1546.012 (1)
- Pre-OS Boot, T1542 (1)
  - Bootkit, T1542.003 (1)
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (2)
  - Active Setup, T1547.014 (1)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
- Event Triggered Execution, T1546 (2)
  - Component Object Model Hijacking, T1546.015 (1)
  - Image File Execution Options Injection, T1546.012 (1)
Defense Evasion
- Modify Registry, T1112 (4)
- Pre-OS Boot, T1542 (1)
  - Bootkit, T1542.003 (1)
- Subvert Trust Controls, T1553 (1)
  - Install Root Certificate, T1553.004 (1)
Discovery
- Browser Information Discovery, T1217 (1)
- Peripheral Device Discovery, T1120 (1)
- Query Registry, T1012 (6)
- Software Discovery, T1518 (1)
  - Security Software Discovery, T1518.001 (1)
- System Information Discovery, T1082 (6)
- System Location Discovery, T1614 (1)
  - System Language Discovery, T1614.001 (1)
- System Network Configuration Discovery, T1016 (1)
  - Internet Connection Discovery, T1016.001 (1)
Several techniques here (Install Root Certificate, Browser Information Discovery, Peripheral Device Discovery) have no counterpart in the signature lists above, so they cannot be verified from this page alone.