Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3Scan_docs#...98.exe
windows10-2004-x64
7Scan_docs#...98.exe
windows11-21h2-x64
7$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows11-21h2-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows11-21h2-x64
3$PLUGINSDI...rd.bmp
windows10-2004-x64
7$PLUGINSDI...rd.bmp
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3$SMSTARTUP/32x.exe
windows10-2004-x64
5$SMSTARTUP/32x.exe
windows11-21h2-x64
532x.exe
windows10-2004-x64
532x.exe
windows11-21h2-x64
5uninst.exe.nsis
windows10-2004-x64
3uninst.exe.nsis
windows11-21h2-x64
3General
-
Target
Scan_docs#84768898.exe
-
Size
5.5MB
-
Sample
240812-lmj6sszblb
-
MD5
ce65c8134821032063d54ca07e8a73ae
-
SHA1
13e5fe6fedb20530b1a82733b35b3bc23e9c7b9a
-
SHA256
02ec55a5a2ad775adccd333edd94ac0bd82129a233736f7240044e085b73b0b3
-
SHA512
04e4e45ec86735dba5b9289b887784691e7c6a1d5a912a805c7a8400e10c687a825b97d8c911c715c78d21b8e4551ad3e74b71e1e6df58c2f693c24bd9aa4304
-
SSDEEP
98304:C1kfl3MhgvWbkjpaKqPtUr0MHa35QvBq7E9ZYBtPsxcZE7sCC9:CufligvWIVJqr1p8Bq49ZetPApsCC
Static task
static1
Behavioral task
behavioral1
Sample
Scan_docs#84768898.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
Scan_docs#84768898.exe
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/UAC.dll
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win11-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win11-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240802-en
Behavioral task
behavioral13
Sample
$SMSTARTUP/32x.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
$SMSTARTUP/32x.exe
Resource
win11-20240802-en
Behavioral task
behavioral15
Sample
32x.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
32x.exe
Resource
win11-20240802-en
Behavioral task
behavioral17
Sample
uninst.exe.nsis
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
uninst.exe.nsis
Resource
win11-20240802-en
Malware Config
Targets
-
-
Target
Scan_docs#84768898.exe
-
Size
5.5MB
-
MD5
ce65c8134821032063d54ca07e8a73ae
-
SHA1
13e5fe6fedb20530b1a82733b35b3bc23e9c7b9a
-
SHA256
02ec55a5a2ad775adccd333edd94ac0bd82129a233736f7240044e085b73b0b3
-
SHA512
04e4e45ec86735dba5b9289b887784691e7c6a1d5a912a805c7a8400e10c687a825b97d8c911c715c78d21b8e4551ad3e74b71e1e6df58c2f693c24bd9aa4304
-
SSDEEP
98304:C1kfl3MhgvWbkjpaKqPtUr0MHa35QvBq7E9ZYBtPsxcZE7sCC9:CufligvWIVJqr1p8Bq49ZetPApsCC
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
bf712f32249029466fa86756f5546950
-
SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
-
SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
-
SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
-
SSDEEP
192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/
Score3/10 -
-
-
Target
$PLUGINSDIR/UAC.dll
-
Size
14KB
-
MD5
adb29e6b186daa765dc750128649b63d
-
SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9
-
SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
-
SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
SSDEEP
192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score3/10 -
-
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
4KB
-
MD5
c7ce0e47c83525983fd2c4c9566b4aad
-
SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e
-
SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae
-
SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e
Score3/10 -
-
-
Target
$PLUGINSDIR/modern-wizard.bmp
-
Size
25KB
-
MD5
cbe40fd2b1ec96daedc65da172d90022
-
SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944
-
SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
-
SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
SSDEEP
24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
4ccc4a742d4423f2f0ed744fd9c81f63
-
SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc
-
SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6
-
SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb
-
SSDEEP
192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi
Score3/10 -
-
-
Target
$SMSTARTUP/32x.exe
-
Size
6.7MB
-
MD5
6ab9f278a420ac86fc7ec85647ce99f1
-
SHA1
6ef604f5ed1ebe6dcafd038d43469bfffbc17b3c
-
SHA256
4c4872202abb5a60a8764bf44b370578a2b3d6f449b3881e96cc38f1b55f9cda
-
SHA512
13340197d19548bfa2de73b7465032b3afce1acfe58970c3cdae213bb431eed011c1887fe5a6ee59b8708a10fb59b5a497b3b38da80e5d924fb708027638c640
-
SSDEEP
98304:3uLShPMHOaWmW+Vo3dxt6+ZMPoqvR7McRyfcUEfE+FzUEd/kHRL0GkDpaOCn4DGb:3cssOaWPKudFZiUZ1uvROFvU/mUPq
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
32x.exe
-
Size
6.7MB
-
MD5
6ab9f278a420ac86fc7ec85647ce99f1
-
SHA1
6ef604f5ed1ebe6dcafd038d43469bfffbc17b3c
-
SHA256
4c4872202abb5a60a8764bf44b370578a2b3d6f449b3881e96cc38f1b55f9cda
-
SHA512
13340197d19548bfa2de73b7465032b3afce1acfe58970c3cdae213bb431eed011c1887fe5a6ee59b8708a10fb59b5a497b3b38da80e5d924fb708027638c640
-
SSDEEP
98304:3uLShPMHOaWmW+Vo3dxt6+ZMPoqvR7McRyfcUEfE+FzUEd/kHRL0GkDpaOCn4DGb:3cssOaWPKudFZiUZ1uvROFvU/mUPq
Score5/10-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
uninst.exe.nsis
-
Size
10KB
-
MD5
aec326a6b06776939002c8d28cac1448
-
SHA1
e4cf88b2a059e5672a15f127ec3825095745ab2f
-
SHA256
77769c5b5213e74e1032b16cf85346b0078bd93046d99aeeaa1184e9b72dbba0
-
SHA512
5ebeb5f01ef318f7726b1a336ac81d970eb7d98f5a7230a24b417affdfcba780b84bb3c6191aff5114ec1fa177e1b5b3d29bf21d9ae0132c78a5b89f02a73225
-
SSDEEP
192:QmBCDs7RCKaRSM3bFrKf9okwkq3HVnHhvnp1Hn4emZpjOGMedt/4:QpDsNCKa93JrKukwkcHVnD1HGb/4
Score3/10 -