Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

NoRiskClie...up.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$TEMP/Micr...up.exe

windows10-2004-x64

6

NoRiskClient.exe

windows10-2004-x64

1

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NoRiskClient-Windows-setup.exe

  • Size

    8.6MB

  • Sample

    240806-yhefzascnf

  • MD5

    60d2424e6edce9fbea15f4791d413c3e

  • SHA1

    dc177867b6b92dbd4249bb88565bb5a7810a5313

  • SHA256

    559c6ceb7664361f758f37749a7673ce9562c2c82b885dfd8ea0ceda6e62ba5f

  • SHA512

    18728d82f3133a9026e4703af00e7f6ff09826b4fc04c4e64f7dea98f75eec16daa63a128a11746fecdc8010440580bd3a05b4dd8793e5ab2fc207dbc632e1a0

  • SSDEEP

    196608:xi/a52l/c6cOFcytYBw9NL8LCwEArwWI2x6OTUn1G:xi/y2FcvRyt7jwEQJI2xDTU1G

Score
7/10
adwarediscoverypersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      NoRiskClient-Windows-setup.exe

    • Size

      8.6MB

    • MD5

      60d2424e6edce9fbea15f4791d413c3e

    • SHA1

      dc177867b6b92dbd4249bb88565bb5a7810a5313

    • SHA256

      559c6ceb7664361f758f37749a7673ce9562c2c82b885dfd8ea0ceda6e62ba5f

    • SHA512

      18728d82f3133a9026e4703af00e7f6ff09826b4fc04c4e64f7dea98f75eec16daa63a128a11746fecdc8010440580bd3a05b4dd8793e5ab2fc207dbc632e1a0

    • SSDEEP

      196608:xi/a52l/c6cOFcytYBw9NL8LCwEArwWI2x6OTUn1G:xi/y2FcvRyt7jwEQJI2xDTU1G

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral1

    • Target

      $PLUGINSDIR/StartMenu.dll

    • Size

      7KB

    • MD5

      d070f3275df715bf3708beff2c6c307d

    • SHA1

      93d3725801e07303e9727c4369e19fd139e69023

    • SHA256

      42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

    • SHA512

      fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

    • SSDEEP

      96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI

    Score
    3/10
    discovery
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral3

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    discovery
    behavioral4

    • Target

      $PLUGINSDIR/nsis_tauri_utils.dll

    • Size

      29KB

    • MD5

      8def0196223484f8aed4106148dd3f08

    • SHA1

      e0fc0951deb0e5e741df10328f95c7d6678ad3aa

    • SHA256

      c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

    • SHA512

      9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

    • SSDEEP

      768:97F3QRyGmiZZ1FCeu2rcFKpnq0jdhK7W+qdxi:hJQRtmaF7YMX/q

    Score
    3/10
    discovery
    behavioral5

    • Target

      $TEMP/MicrosoftEdgeWebview2Setup.exe

    • Size

      1.6MB

    • MD5

      45e5ca74b9ae3c3fc6f6a63c609783b6

    • SHA1

      f36715bea96d69bb18075fac30b90502c6d2464b

    • SHA256

      b4afd37b9087df7e041ae749fd0fa342926d9cce533bde9cdc4283132c3820a9

    • SHA512

      014fd398d456fcb118dfd6b038b6f96008ca209d44d9707e175e85e7f14cfb3f2886deaed0d8ed25971813035e8dd7f88142c06972f3e2c9b4a534d84bec661a

    • SSDEEP

      49152:OiEa3J/lPA552bT8TCKpxVt2sl0TD5yncADYOS0jZ2/vgm9dV:OirIOoT9pnt9l45mcADRS0SRbV

    Score
    6/10
    adwarediscoverypersistenceprivilege_escalationstealer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral6

    • Target

      NoRiskClient.exe

    • Size

      23.8MB

    • MD5

      10a7cf5b525637983d4327cad60d1ab4

    • SHA1

      6e2e48d904e750758be8d068935fe53364899956

    • SHA256

      980ce45fddd40bba1427efa5f3c98c18e3d4dfc798898dddaa3f932e0bfbc96e

    • SHA512

      80ed73b13e7d1c4e34c7e9630e7c2bad1db80aadd1d6a8f0c499850d1dbd379c57c3dfb8ec1f33222768c6d2fc80301c6984be4f44c304c7a0bccade1651eeb8

    • SSDEEP

      196608:pQ0foIt0S2I5LRUpB0h9EmJiJtuEQHrIb80uth/b:Rpt0S2I90B03XEQkb80Exb

    Score
    1/10
    behavioral7

    • Target

      uninstall.exe

    • Size

      74KB

    • MD5

      d4d8325500c3d541c78ad7ff996313ac

    • SHA1

      b5c8f9a4d3d98bcfabc6e52be1b251c8a3be1bf0

    • SHA256

      c8ee6ca8ecffd5b320d1df34df37bb494e71fdfde3298d7006071f8f7937a6eb

    • SHA512

      25663a56c835da1c60e1857d51001eb03f6d82fe05b85bb8d578a57a1fe641723c684de23d269a358252a27e07c9920911e5cc53ed08c41a406d0a8baea78bb4

    • SSDEEP

      1536:HmsAYBdTU9fEAIS2PEtuSgdLeAyNxdvyQ4n8lNpSihoG9BdO:GfY/TU9fE9PEtuSceAk3+QpSi6G9bO

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral8

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    discovery
    behavioral9

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    discovery
    behavioral10

    • Target

      $PLUGINSDIR/nsis_tauri_utils.dll

    • Size

      29KB

    • MD5

      8def0196223484f8aed4106148dd3f08

    • SHA1

      e0fc0951deb0e5e741df10328f95c7d6678ad3aa

    • SHA256

      c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

    • SHA512

      9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

    • SSDEEP

      768:97F3QRyGmiZZ1FCeu2rcFKpnq0jdhK7W+qdxi:hJQRtmaF7YMX/q

    Score
    3/10
    discovery
    behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Browser Extensions

1
T1176

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks