General
  Target: xd-AntiSpy_modern.zip
  Size: 375KB
  Sample: 240812-h3bmtaveka
  MD5: 238159933f95443b3d1e14424f6008bf
  SHA1: 8ff807098acd58f508ae8ad620c8b41a89273a08
  SHA256: 39f5adab7ad13d1bad081cf971e0ed53c8d8ccc4b902dff4be73e4b7902eaad8
  SHA512: 8139fdb180b27a2790b794afb1cfb3013121316981ee4df7a2fd01c7d393d4891b5d236677e4b6e58a6efcbba8f7b5f698c741b333a2a27fea231b69662b7e8c
  SSDEEP: 6144:TsfwVUrEJxyE5tgdKhqFjuIpuFoYmyFRozXMbgGKAkaPI5siTL6UUR1Px:TsfLrE3y4gdKcgOuAzXMpjkag5DTL6UQ
Static task: static1
Behavioral tasks (all run on resource win11-20240802-en):
- behavioral1: xd-AntiSpy_modern.zip
- behavioral2: LocalizationLibrary.dll
- behavioral3: Newtonsoft.Json.dll
- behavioral4: PluginInterface.dll
- behavioral5: lang.json
- behavioral6: plugins/Clear Icon Cache.json
- behavioral7: plugins/File Extensions Visibility.json
- behavioral8: plugins/PluginButler.dll
- behavioral9: plugins/PluginButler.ps1
- behavioral10: plugins/PluginDebloater.dll
- behavioral11: plugins/PluginDebloater.json
- behavioral12: plugins/Restart Explorer.ps1
- behavioral13: plugins/Snap Assist Flyout.json
- behavioral14: plugins/Uninstall OneDrive.ps1
- behavioral15: plugins/Use light theme.json
- behavioral16: plugins/User Account Control.json
- behavioral17: xd-AntiSpy.exe
- behavioral18: xd-AntiSpy.png
Malware Config
Targets

Target: xd-AntiSpy_modern.zip (375KB), score 1/10
  Hashes: identical to those listed under General above.

Target: LocalizationLibrary.dll (40KB), score 1/10
  MD5: 355ef275485c7257431b697da7b5aa92
  SHA1: 4025920bfc33a9f1405245e1cc6312064ac3d8b5
  SHA256: ad2ed7a52140d72aebd27366b1966850aa2bbe1064ebd99b5141d339d9868fb6
  SHA512: e07c421b6134d491039cb6498e11dd0d99d54e35eb6acbf83a6f1b02e44c14a0bc1d824a0cf113a722fbe853a9e4d8d38887ff9f17e7f5665eaaaf2fabcd2da4
  SSDEEP: 768:QI1iBHfJA9eGNhnapBa437FC9yLHQ8146l+UxLglce/AzzYWl56IlNA5Iw0WMdu:QIwNf4x+l7FC9yLHQK46l+U+ce/AzzYa

Target: Newtonsoft.Json.dll (695KB), score 1/10
  MD5: 195ffb7167db3219b217c4fd439eedd6
  SHA1: 1e76e6099570ede620b76ed47cf8d03a936d49f8
  SHA256: e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
  SHA512: 56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
  SSDEEP: 12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

Target: PluginInterface.dll (4KB), score 1/10
  MD5: fbc4671df9ded845b971d3f042b259d6
  SHA1: 043d7d1afe25f1a5efac30e03629270ea9ccbe9c
  SHA256: 401da4bcbfc4c31613811e2071886132d876a9375efbaccf887c9305f658a9d6
  SHA512: 039e2bd2d5a63f7800133e03fa3d87e319cf6e2396baa1ec466337e39b3bc4422b49f43c7790a2071fdd721e0c0b0a1658a9686e3e16d1632ed56e0faea72a16

Target: lang.json (29B), score 3/10
  MD5: eec56a51c3361aa5a66de24d3bd23bc9
  SHA1: 340c384aff6cfd8c6b4ca52f9a2cdd0b955fb140
  SHA256: a7428556e50caf3314b6c80e051bb61c5831ee900b0bcca749ab05e35469a0d5
  SHA512: 6f88724220944b4cd253458f65aeab02236368ac8ca073e83e957769e9e38cdb9f29516c660c648690e4593e0793b55833444ee27ed239f02ad71c7d856a5931

Target: plugins/Clear Icon Cache.json (581B), score 3/10
  MD5: 5bd80bd19f9d82495feb01faacb6681c
  SHA1: de2d7151f87f8b47c12fe7560c4732674cc3b325
  SHA256: dbc5d6058f3293d34ddf8bec1279af343ebf66670e89cf8e02a512f2807e028c
  SHA512: beaea631337102c96ef3038e5f1c2e2a475c37779ba4ceb26e8b6a1d83230d26ef15fef9e2c0315ce550a097c9788a060a2528aaa65568d73c9dfffaeceb998d

Target: plugins/File Extensions Visibility.json (1KB), score 3/10
  MD5: f9c31fa55ce41a828ee749798575e55a
  SHA1: 9eed519bc244c964af105ee4902dbe060e605c85
  SHA256: 6e5dafec7faf6c5fc7b71c2b4562f554f5c28a4a6cde0660ad9734702f2fec74
  SHA512: 353de1f949afbd854a752d3f3d0cd1c1f82957144942abafe0a4a25816d48cd67671e65104eac8a4cc666502d4033a4dcf9de74ff956b834abb4202236ee3444

Target: plugins/PluginButler.dll (18KB), score 1/10
  MD5: e74b70ff8ad8da5d065b3bcf8018d732
  SHA1: 4ca18f0603a1218239a1012bed88621c7c63a777
  SHA256: 9a223a0d405554bc4681ce90ee4f46adeca35f111c329090f08e699e27f6d2a0
  SHA512: f4a9e97c3d07fb7ea7b8cb08d82163028ff74856e39e07ad13ff918fe57a1868959e3bc715e8b7cc093f6a490349fc51aab191d251fdcc8f9133d17ac7d06fbd
  SSDEEP: 384:W0qJI+gB9yhuUaeG53rn5WLp6qXG05P8Btq55fVg+1c+zVhu:W8+gHL3rn26qXfzlT1c4W

Target: plugins/PluginButler.json (9KB), score 3/10
  MD5: 69ebcba399c089ffd048f060990f54f6
  SHA1: b22184acbdd762f60210116394f9d5f8ff7c485a
  SHA256: 38d87890fd5325e79f16f4ebcdc291b7e805d2ba0fc6f2c05668fae165dbbf3a
  SHA512: a69aebbb32a5d46f26e8c0a1877e16841e70a94437a80abb17ba599eb67a970d2e8d6fb87ce4dbc827df06fa4f3f2a0134db1f3724941dceffee4f68b078277b
  SSDEEP: 192:BMN1eR742py6sb64p2mbW6Cc9WcRoCadeXrMh+xZy0:+TeRc2pydu4p2mbv9WMotdeXrMUxZy0

Target: plugins/PluginDebloater.dll (23KB), score 1/10
  MD5: f2b47bb1c2abc73dd3d442d405a3f992
  SHA1: fde43b7b439cb15ad7455abbf32e3fab3cf6dbc3
  SHA256: 5b96eb56a71a9f0eab0185b25a92999c6dcca62071e1cecb75d0d95279e1b0b2
  SHA512: 25fbf1509c8d17529137ac038b783c4fca91046f39bdad8dda05126d2252e728949746bce56f1e85012e6ef3a6a0d3ebb50d8eb90180098ab5210b4b3b2e31a1
  SSDEEP: 384:LXfyB5XsSqEbVP0jtRmWbf5sNgcPNg+lluEaPJJgtQqa5GXfefi/VC7J:LvyJkXBs6cPy0itqnefwA

Target: plugins/PluginDebloater.json (18KB), score 3/10
  MD5: 0bb801fb7dd92875f4423fcde37581fb
  SHA1: 23b75784b774ae4c42984ae267a31882d3d5eda5
  SHA256: 7a293003041a674f10288f95807f06b12cb5905cfcc4754841152dc8b099dd68
  SHA512: f1443c71a5ef6893bc3ccaf2735de82cd275eef48d14d477d5ccd6bdb5526c25ff522244e23ce084898301ba607aa35b00da03a7f8ed85e83c29f0b7f6651a01
  SSDEEP: 384:HHoHk8HMGpKrREKIbZjnOChhLJk6KuNW2:HHor75r/

Target: plugins/Restart Explorer.ps1 (497B), score 8/10
  MD5: 2ebc3b277b6b0038b48f557507372a08
  SHA1: debaa00dbfa123ddf1d1d4d004250777f067d12b
  SHA256: ce31d19e4b3c0a707053dc081e109a465487f57b5180fb470be9ef75f391095d
  SHA512: 45f79f41f42ad1901af650bdcb8237f494c8dda759efd21fe2f5d3591cd0b7e10e8f518c62c1b8b9dea4f1b4fc8907bc83446f53a1f72b1adce53f68709e2c5c
  Signatures:
  - Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  - Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.

Target: plugins/Snap Assist Flyout.json (640B), score 3/10
  MD5: 5e417c798cdb4da02dd1757f10677a14
  SHA1: af8b4b8538087da29c51b4d7f04a69284b19f729
  SHA256: 07be898189534f434af1b23fbbd7d19f8197b11399b9c55780f2b11cb1ebf159
  SHA512: a7608abb5dec67faec30800ff097dc46266d30d62ffb12fb624f33f02af5f3ba74c2606c4d3d96c6dac31fe67cb7493c5fe328d4711a217a47deeeee7a32fe42

Target: plugins/Uninstall OneDrive.ps1 (2KB)
  MD5: d3228595fe69c9f115e84592c6a70e48
  SHA1: 6795f195012476b278b1dee2766d8e62df96d0a7
  SHA256: 945f7e685db6fc568cc8eb114b4d54dd7d1d5feb0879c84fe3f82ed786ae3b8d
  SHA512: 5fae9274601b7bbfd8d3ec2ecba984e59dbfd20a8c31d5bd3bf8f32de9c004916ecea6328db2b1dfb5e2fc9737dbdf769104afe2c8f7476d695dd3b1d3827554
  Signatures:
  - Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  - Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Modifies system executable filetype association.
  - Drops desktop.ini file(s).
  - Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.

Target: plugins/Use light theme.json (1022B), score 3/10
  MD5: 636f8fbb6fc0f942ab31666dccc5d499
  SHA1: efe538b6b2ea32d0ed4b944400be86319901f47e
  SHA256: 102a076a0446290c6e454033c47165891f7942b7de9690517f5bf0ceb443a6eb
  SHA512: 468ae61e94c106d8ddfa11da1b25b5177ec5665b20b39ed5272da72c6726e868c34426c21d11767de7b277b56863564e3ae5c997beb6be803c98e6af45f089d7

Target: plugins/User Account Control.json (1KB), score 3/10
  MD5: a178eda0a77068ea7770b4c7bcc8797f
  SHA1: 1ece27ae47884dd7faa27ec80140dc9dc9c25be8
  SHA256: b516eda092b3420e3e0a8ba73cf96573cf947c22b39dba8a4672948d74e7f929
  SHA512: 7bd0b527fdbc07fa2be37679b06c0422ea07ff2bb54ab5020dafcb09bc96a55597001f9f8b21dc71ba8994420fd8f2b008830aab276b4e259e48d1bf5b66fa05

Target: xd-AntiSpy.exe (133KB), score 10/10
  MD5: 1ed33278dba878502386ca4e535dd305
  SHA1: 5810cb649c295c89fceb953fc36bca5b236b809e
  SHA256: 648665b2b8d37614e8997c43ebe18e4026e976ef8d08a716f7c4388b567e09fe
  SHA512: c3f7880d261b6be9fcc60438408005d5b843228f4282a61de9f06d246e806e5e672e2117db27a8882e33144a85a1ef18c2f3f744088172f216544aa682767595
  SSDEEP: 3072:hrCNOoWvDsNE476Q5ndZDDVq2j96+c4h+AK2LUsR8s6xRVehEA4ucyH9FViOG1JL:D0+AK2LUsR8s6xRVehEDbAbZIl/i
  Signatures:
  - Modifies visibility of file extensions in Explorer.
  - Modifies visibility of hidden/system files in Explorer.
  - Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  - Executes dropped EXE.
  - Loads dropped DLL.
  - Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.

Target: xd-AntiSpy.png (31KB), score 3/10
  MD5: d2a0f93e1dcf29d9ad11433a6538dcae
  SHA1: ad1f6d104a49fa490cc1a1303c19cbbfea4b7411
  SHA256: e1009fb19bc8a891aa1989dd59bfa6c265b66cfa58d9083ff6e2b15d9af32f48
  SHA512: e4f62f78c2a59ce7c03e3e93b18f65e8ac081876548636c9d387733fab16a9714179efed723c2b7817c1453ddb8edd2ca8a1f6c039b23d7dc2df06718f6cc50f
  SSDEEP: 768:J9L8aPIEsFGbjnwsiQufajx0yMvR14hqjsd:TLFsAnzufWqR14qm
MITRE ATT&CK Enterprise v15 (numbers in parentheses are the counts shown in the report)
Persistence
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Event Triggered Execution (2)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Event Triggered Execution (2)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (7)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)