748c616cbb1...9e.exe
windows7-x64
748c616cbb1...9e.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$SYSDIR/gpyapi.dll
windows7-x64
3$SYSDIR/gpyapi.dll
windows10-2004-x64
3$SYSDIR/gtapi.dll
windows7-x64
3$SYSDIR/gtapi.dll
windows10-2004-x64
3$TEMP/Goog...er.exe
windows7-x64
8$TEMP/Goog...er.exe
windows10-2004-x64
$TEMP/Goog...ed.msi
windows7-x64
6$TEMP/Goog...ed.msi
windows10-2004-x64
6$TEMP/setu...20.exe
windows7-x64
7$TEMP/setu...20.exe
windows10-2004-x64
7ies_uni.exe
windows7-x64
7ies_uni.exe
windows10-2004-x64
7iesuper.dll
windows7-x64
6iesuper.dll
windows10-2004-x64
6UUPlayer.dll
windows7-x64
3UUPlayer.dll
windows10-2004-x64
3UUSeePlayer.exe
windows7-x64
10UUSeePlayer.exe
windows10-2004-x64
10bass-plugins.exe
windows7-x64
7bass-plugins.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3General
-
Target
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e
-
Size
5.9MB
-
Sample
240822-hmj91sxblq
-
MD5
b6a1d4830b73825b6efe9ce64d4ca02a
-
SHA1
4ac4be0396ce87ffb640e75ce13ba667617dacaf
-
SHA256
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e
-
SHA512
18baf5c36a673c6b138a355fa78b3b5339e363df6a19250d680500bda4685ae72bee0de5f6868379768ba268e4ba511135458f18170985567f5cd5c13b2eb077
-
SSDEEP
98304:jCfphzIjedVG0G16pvDNfK4URgpHH1a3B78CUGRSICkgn6x5ls7vGnOLLCdO9Rvx:jCxhzIya16RRf/11QR4oSrznG5CisCdg
Behavioral task
behavioral1
Sample
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$SYSDIR/gpyapi.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
$SYSDIR/gpyapi.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$SYSDIR/gtapi.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$SYSDIR/gtapi.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
$TEMP/GooglePinyinDownloader.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
$TEMP/GooglePinyinDownloader.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
$TEMP/GoogleToolbarInstaller_zh-CN_signed.msi
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
$TEMP/GoogleToolbarInstaller_zh-CN_signed.msi
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
$TEMP/setup_iesuper_1020.exe
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
$TEMP/setup_iesuper_1020.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
ies_uni.exe
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
ies_uni.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
iesuper.dll
Resource
win7-20240705-en
Behavioral task
behavioral22
Sample
iesuper.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
UUPlayer.dll
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
UUPlayer.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
UUSeePlayer.exe
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
UUSeePlayer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
bass-plugins.exe
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
bass-plugins.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e
-
Size
5.9MB
-
MD5
b6a1d4830b73825b6efe9ce64d4ca02a
-
SHA1
4ac4be0396ce87ffb640e75ce13ba667617dacaf
-
SHA256
48c616cbb15b33f9f8001ae8074e8f68657f604bb20b923ddb6722f752427a9e
-
SHA512
18baf5c36a673c6b138a355fa78b3b5339e363df6a19250d680500bda4685ae72bee0de5f6868379768ba268e4ba511135458f18170985567f5cd5c13b2eb077
-
SSDEEP
98304:jCfphzIjedVG0G16pvDNfK4URgpHH1a3B78CUGRSICkgn6x5ls7vGnOLLCdO9Rvx:jCxhzIya16RRf/11QR4oSrznG5CisCdg
Score 7/10
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
b18dfaded8f6d2380fdfd8f6b6969211
-
SHA1
969fa0e906240ab1123254feeb833c275626cf76
-
SHA256
747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58
-
SHA512
25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c
-
SSDEEP
192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO
Score 3/10
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
32KB
-
MD5
83142eac84475f4ca889c73f10d9c179
-
SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8
-
SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
-
SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
-
SSDEEP
384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
10KB
-
MD5
810f3a0aefe36a9f63e29e604bea91a9
-
SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80
-
SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779
-
SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb
-
SSDEEP
192:CO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1argMO:XKAFERdlxhGRYUzqZar
Score 3/10
-
-
Target
$SYSDIR/gpyapi.dll
-
Size
40KB
-
MD5
93d300348d2a6499ec7c4d1f8538c22d
-
SHA1
3e011ea8ca5c44a4eb94d5911399730e577cfc31
-
SHA256
88e111f10d36d7077ad6a2b6f4fac1727e625006ca0d6eb075c31559e23a4839
-
SHA512
b96892c0b0fc5cae26a764259c93fe6e50dc48bd8c74ec0cc9a6de03bac9811df4085d37113166cc5bf9fb12432914e5bce62165781393a7d5485bd41490a60f
-
SSDEEP
384:e223N+lhaenaPM/7rsECCXaTxR0bbggI7HsLV+EmmNp/VY4kiauVV8umrZrvADhx:e2Pqu9BFHggI7HsLcEmmNpEz5rYDh
Score 3/10
-
-
Target
$SYSDIR/gtapi.dll
-
Size
44KB
-
MD5
b19256632fd0ba5bed01e80e29402384
-
SHA1
a4b72c88e688f53c7d3c0caffca37b65fbce31da
-
SHA256
0de25aa419acd2f9534ef03de471d034fe89697e7d8405965b3e6e0b044ae3ad
-
SHA512
052bf2f799977ad119c354b809001827f0e33d6122cc2eec02c15a5d1b50c57af4af38c5eed3c295ac3a7cc2604b4bfa89f3739f5b512046ce5b0326ff897f5a
-
SSDEEP
768:mfQ6MpT8MNWNR+mLMTyyfFtEJuxorYDaY3:sQnT87z+mLwyybxTD7
Score 3/10
-
-
Target
$TEMP/GooglePinyinDownloader.exe
-
Size
77KB
-
MD5
1465ec3df8e8ab31f89fa32bcfaf07da
-
SHA1
73a36f944fbe18a2b3308e790e1948db8a811ce1
-
SHA256
e3c8772f34c183545cd6d643e8c1b28aeea0abdfb4ebd02b167363fb31195106
-
SHA512
911276cbad2f32acd34af6c71e1cbd7c6204a4f0aad93a30fb1104d82469e620de878f292ffc406a8e8f8ce05dfe315e496844e8720b3cd74762163f6d7eb25d
-
SSDEEP
1536:afppeVwsNT+W7Nv1KDMQ0jwg+rZGjvBtulY3ha:a+XwghQBNIZtulYk
Score 8/10
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
$TEMP/GoogleToolbarInstaller_zh-CN_signed.msi
-
Size
1.1MB
-
MD5
ec1629e2086cad6ccc4c995630896213
-
SHA1
e0e1f7720072b85c04318d6d15b595d7e8f52670
-
SHA256
101fc387cb284a27c943ea087b751aefb5c106a214253b7e29e7381da95beaee
-
SHA512
3f7157a25a2d1f1fc345e9138ed5c1f17805256be985e8cfe54c60cb5a11d62e13472bdeee187c7b13e5746c8d9e08359d929410d3b5e5ab204cf4f91c02d9b1
-
SSDEEP
24576:FBkI5/nyOeMDyWd8Dce5HrY5w6Rsa31L5Dh66NIXiQcAqHVIYzgD:jhyOeMPacWHruwOsa31L5Dh66N+iVh1O
Score 6/10
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of fixed drives other than the default C: drive.
-
-
-
Target
$TEMP/setup_iesuper_1020.exe
-
Size
164KB
-
MD5
2b869f2b00da6bd7fca714acf29c45d4
-
SHA1
9d9364cfa3b9c497dd5ed96268ec607aac6c587a
-
SHA256
15b3b4b702cc2a3d3b2f9fe0d2887b207a7321f2bea41d14aa67541ac06807bf
-
SHA512
85d78560b46fb4a3687566a7ed56f1fd44ba9001351d1eb040feb25fc8b9fba63f88704cd4344bd943330b749cab88502d9906cd1e35c0266a6e7db852904124
-
SSDEEP
3072:HtbKWzPmJbK5eqOllIx3fchSvJ9Q2cXvw0c8kSLK3NbkoTmOsZDWF7eAYa9Uxfh3:H1AK7vpfcO9t4vwokuMbqZeCXa9UNhmS
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
-
-
Target
ies_uni.exe
-
Size
52KB
-
MD5
2cc8578a6b955aa273cebf117f9945b4
-
SHA1
8cba806a7148748bb63f0c9252730effd9efb681
-
SHA256
a4dd14b89d2167c69ee58591825081563b040a57e52bbafd1e364d8ce6b09f66
-
SHA512
8be4839dd5276e4b41c81aee04b8270b7c4d3fdc6b6008d31c51d05fbc64823344963a69322f265346e1b7e627bfd103b1a38531d03dc4d95968785385d2c3b6
-
SSDEEP
1536:1Oup7DCUaAVrEnWzuuLmJgMKH7NeYRNOllz:HtbKWzPmJbK5eqOllz
Score 7/10
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
iesuper.dll
-
Size
296KB
-
MD5
c005c3255a6207df7866eaf6a21321a2
-
SHA1
f02b3b3e213dfccef233ee41514a799d88c2b776
-
SHA256
d9cc7ce178d584ee18d01df20310b7b84e6cf2a0e1ad20d713303033a04e7d72
-
SHA512
84d5256ffc9195a444f312c9360249fd85ac1bab4f98915e4d207870a02e2e995fdbb1f502bfcbb52701b1ae121d37d9d583360c9e37d11402edded1547ee299
-
SSDEEP
6144:6wU0ydYlu19HNrG8I8i9bCiNOzvzLvtpmowIksm:e0zurNrqtSz3jy
-
-
-
Target
UUPlayer.dll
-
Size
163KB
-
MD5
2bb9e0b854efbe6e5f273d01ee82f998
-
SHA1
1a829fbc26b8690a6402ed1c8026850962849512
-
SHA256
026e89aa3a28249cbd5d7559ddb5f147788d487a1c5854f450b09edc236f263f
-
SHA512
f5f1397a3ee990e6339baae9e79b58cd2113483a0260fb83969eaa3c589e5deab384f5fc69597c505727d458d5253f9ce99520a8f68eac1b62dacb82896a8d51
-
SSDEEP
3072:uuw06OhI8Vfz+7ca7UhS0AnJal6MdbswEG1cefUTNe6yIBYtJ6TLT9XB69MO25Z4:uuwBBibnaAzAnJal60szkus6UtgZXw97
Score 3/10
-
-
Target
UUSeePlayer.exe
-
Size
421KB
-
MD5
9ab0941a1c54567373b6afed3f2ed491
-
SHA1
e0b8328027c65d4904e63124f80dc69e77ec0e6a
-
SHA256
b99716d09b8aa83e4cad5d9d889a144ddb04f8fe1f7f5bb58c656d873c3d04fb
-
SHA512
e79491c9c88775a735c9190d7a3d0536b62f62255f8da947358442309916a873d6923fa74cec237a1619ef12ecb2488b61394fb2058f3771ce621d7824190725
-
SSDEEP
6144:wk37CXfkVQp0lV731pO8nhJFSVpInCOXJYE56NnGrpk3iRYjZt5Bo:D7CXff0lN31NtWsYE565GCSRYjZt5Bo
-
Modifies firewall policy service
-
-
-
Target
bass-plugins.exe
-
Size
2.7MB
-
MD5
9bd61ba44c6d933a13564cb8fe37bd22
-
SHA1
8577baa06556c0403500960b8b387e6cbf62054d
-
SHA256
4e5fde71a3b20b8c15726d06a57513d610a999af558e8daa305e60ed68cc4abb
-
SHA512
a70ce11a7916954074634ee40d0c9a9b0416830d9e03739dea0251d8f532790183eae8f1c2d15e1c92c214f79e9e1054cf524cdbfc1915a06a3759f3d52976df
-
SSDEEP
49152:pPzTBtrWHIjhNuCUZ39eRr+ICkgnMCJqZx5Rn6JLJB8OFW6GnOLL6J6kPK:p3B78CUGRSICkgn6x5ls7vGnOLLCi
Score 7/10
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
b18dfaded8f6d2380fdfd8f6b6969211
-
SHA1
969fa0e906240ab1123254feeb833c275626cf76
-
SHA256
747d0222b652dbfc85e0de4f8486473662d325a55e32c7eacb91e53e37ceba58
-
SHA512
25fb09b8657997d31e61c908f1cd08357c1a1b68bbb1ba377e87b6a3eb347a2ef96c1a771b6c4332853abb33728c55c83efa73df5da03f3dfc132f8a69a2886c
-
SSDEEP
192:66JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTLK72dwF7dBdcQOz:66JaVh4I5rpPbTL+BdhO
Score 3/10
-
-
Target
$PLUGINSDIR/KillProcDLL.dll
-
Size
32KB
-
MD5
83142eac84475f4ca889c73f10d9c179
-
SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8
-
SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729
-
SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1
-
SSDEEP
384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+
Score 3/10
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Installer Packages
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Installer Packages
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
3System Binary Proxy Execution
1Msiexec
1