Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3NoRiskClie...up.exe
windows10-2004-x64
7$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$TEMP/Micr...up.exe
windows10-2004-x64
6NoRiskClient.exe
windows10-2004-x64
1uninstall.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3General
-
Target
NoRiskClient-Windows-setup.exe
-
Size
8.6MB
-
Sample
240806-yhefzascnf
-
MD5
60d2424e6edce9fbea15f4791d413c3e
-
SHA1
dc177867b6b92dbd4249bb88565bb5a7810a5313
-
SHA256
559c6ceb7664361f758f37749a7673ce9562c2c82b885dfd8ea0ceda6e62ba5f
-
SHA512
18728d82f3133a9026e4703af00e7f6ff09826b4fc04c4e64f7dea98f75eec16daa63a128a11746fecdc8010440580bd3a05b4dd8793e5ab2fc207dbc632e1a0
-
SSDEEP
196608:xi/a52l/c6cOFcytYBw9NL8LCwEArwWI2x6OTUn1G:xi/y2FcvRyt7jwEQJI2xDTU1G
Static task
static1
Behavioral task
behavioral1
Sample
NoRiskClient-Windows-setup.exe
Resource
win10v2004-20240802-de
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-de
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-de
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-de
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win10v2004-20240802-de
Behavioral task
behavioral6
Sample
$TEMP/MicrosoftEdgeWebview2Setup.exe
Resource
win10v2004-20240802-de
Behavioral task
behavioral7
Sample
NoRiskClient.exe
Resource
win10v2004-20240802-de
Behavioral task
behavioral8
Sample
uninstall.exe
Resource
win10v2004-20240802-de
Behavioral task
behavioral9
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-de
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-de
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win10v2004-20240802-de
Malware Config
Targets
-
-
Target
NoRiskClient-Windows-setup.exe
-
Size
8.6MB
-
MD5
60d2424e6edce9fbea15f4791d413c3e
-
SHA1
dc177867b6b92dbd4249bb88565bb5a7810a5313
-
SHA256
559c6ceb7664361f758f37749a7673ce9562c2c82b885dfd8ea0ceda6e62ba5f
-
SHA512
18728d82f3133a9026e4703af00e7f6ff09826b4fc04c4e64f7dea98f75eec16daa63a128a11746fecdc8010440580bd3a05b4dd8793e5ab2fc207dbc632e1a0
-
SSDEEP
196608:xi/a52l/c6cOFcytYBw9NL8LCwEArwWI2x6OTUn1G:xi/y2FcvRyt7jwEQJI2xDTU1G
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
d070f3275df715bf3708beff2c6c307d
-
SHA1
93d3725801e07303e9727c4369e19fd139e69023
-
SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
-
SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
-
SSDEEP
96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
6c3f8c94d0727894d706940a8a980543
-
SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd
-
SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
-
SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
SSDEEP
96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score3/10 -
-
-
Target
$PLUGINSDIR/nsis_tauri_utils.dll
-
Size
29KB
-
MD5
8def0196223484f8aed4106148dd3f08
-
SHA1
e0fc0951deb0e5e741df10328f95c7d6678ad3aa
-
SHA256
c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333
-
SHA512
9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7
-
SSDEEP
768:97F3QRyGmiZZ1FCeu2rcFKpnq0jdhK7W+qdxi:hJQRtmaF7YMX/q
Score3/10 -
-
-
Target
$TEMP/MicrosoftEdgeWebview2Setup.exe
-
Size
1.6MB
-
MD5
45e5ca74b9ae3c3fc6f6a63c609783b6
-
SHA1
f36715bea96d69bb18075fac30b90502c6d2464b
-
SHA256
b4afd37b9087df7e041ae749fd0fa342926d9cce533bde9cdc4283132c3820a9
-
SHA512
014fd398d456fcb118dfd6b038b6f96008ca209d44d9707e175e85e7f14cfb3f2886deaed0d8ed25971813035e8dd7f88142c06972f3e2c9b4a534d84bec661a
-
SSDEEP
49152:OiEa3J/lPA552bT8TCKpxVt2sl0TD5yncADYOS0jZ2/vgm9dV:OirIOoT9pnt9l45mcADRS0SRbV
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
NoRiskClient.exe
-
Size
23.8MB
-
MD5
10a7cf5b525637983d4327cad60d1ab4
-
SHA1
6e2e48d904e750758be8d068935fe53364899956
-
SHA256
980ce45fddd40bba1427efa5f3c98c18e3d4dfc798898dddaa3f932e0bfbc96e
-
SHA512
80ed73b13e7d1c4e34c7e9630e7c2bad1db80aadd1d6a8f0c499850d1dbd379c57c3dfb8ec1f33222768c6d2fc80301c6984be4f44c304c7a0bccade1651eeb8
-
SSDEEP
196608:pQ0foIt0S2I5LRUpB0h9EmJiJtuEQHrIb80uth/b:Rpt0S2I90B03XEQkb80Exb
Score1/10 -
-
-
Target
uninstall.exe
-
Size
74KB
-
MD5
d4d8325500c3d541c78ad7ff996313ac
-
SHA1
b5c8f9a4d3d98bcfabc6e52be1b251c8a3be1bf0
-
SHA256
c8ee6ca8ecffd5b320d1df34df37bb494e71fdfde3298d7006071f8f7937a6eb
-
SHA512
25663a56c835da1c60e1857d51001eb03f6d82fe05b85bb8d578a57a1fe641723c684de23d269a358252a27e07c9920911e5cc53ed08c41a406d0a8baea78bb4
-
SSDEEP
1536:HmsAYBdTU9fEAIS2PEtuSgdLeAyNxdvyQ4n8lNpSihoG9BdO:GfY/TU9fE9PEtuSceAk3+QpSi6G9bO
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -
-
-
Target
$PLUGINSDIR/nsis_tauri_utils.dll
-
Size
29KB
-
MD5
8def0196223484f8aed4106148dd3f08
-
SHA1
e0fc0951deb0e5e741df10328f95c7d6678ad3aa
-
SHA256
c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333
-
SHA512
9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7
-
SSDEEP
768:97F3QRyGmiZZ1FCeu2rcFKpnq0jdhK7W+qdxi:hJQRtmaF7YMX/q
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1