Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

HyperPlay-...1).exe

windows7-x64

4

HyperPlay-...1).exe

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

HyperPlay.exe

windows7-x64

1

HyperPlay.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dl.exe

windows7-x64

7

resources/...dl.exe

windows10-2004-x64

7

resources/...ry.exe

windows7-x64

7

resources/...ry.exe

windows10-2004-x64

7

resources/...d-0.js

windows7-x64

3

resources/...d-0.js

windows10-2004-x64

3

resources/...d-1.js

windows7-x64

3

resources/...d-1.js

windows10-2004-x64

3

resources/...d-2.js

windows7-x64

3

resources/...d-2.js

windows10-2004-x64

3

resources/...d-3.js

windows7-x64

3

Analysis

  • max time kernel
    1s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/build/bin/win32/gogdl.exe

  • Size

    7.4MB

  • MD5

    4b18ed58b1a8c953f8a08a68a58b9a10

  • SHA1

    af85cfbcb655e491a31f2a8aa88b47224fa5d3f4

  • SHA256

    dcbfe8a0d102181c928fab9dadba0fd0b4f1a42d9ebaffe5520cbc84ed5d9c10

  • SHA512

    58b7b0e39c1446340b0c68db55f81da53c110883504b036ee30955ece637673e65d121c9dc201c8893217836ca7454171ccfd1f12ebd6fb34e83bcba3e163f64

  • SSDEEP

    196608:Hfp5vYL2Vmd6+DUrLZy7YM30Lzajwrp9/CNFWCV:fvYL2Vmd6mM0Gzajwr3y

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\gogdl.exe
    "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\gogdl.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\gogdl.exe
      "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\gogdl.exe"
      2⤵
      • Loads dropped DLL
      PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI30402\api-ms-win-core-file-l1-2-0.dll
    Filesize

    20KB

    MD5

    d92e6a007fc22a1e218552ebfb65da93

    SHA1

    3c9909332e94f7b7386664a90f52730f4027a75a

    SHA256

    03bd3217eae0ef68521b39556e7491292db540f615da873dd8da538693b81862

    SHA512

    b8b0e6052e68c08e558e72c168e4ff318b1907c4dc5fc1cd1104f5cae7cc418293013dabbb30c835a5c35a456e1cb22cc352b7ae40f82b9b7311bb7419d854c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30402\api-ms-win-core-file-l2-1-0.dll
    Filesize

    20KB

    MD5

    50abf0a7ee67f00f247bada185a7661c

    SHA1

    0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1

    SHA256

    f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7

    SHA512

    c2694bb5d103baff1264926a04d2f0fe156b8815a23c3748412a81cc307b71a9236a0e974b5549321014065e393d10228a0f0004df9ba677f03b5d244a64b528

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30402\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    20KB

    MD5

    de5695f26a0bcb54f59a8bc3f9a4ecef

    SHA1

    99c32595f3edc2c58bdb138c3384194831e901d6

    SHA256

    e9539fce90ad8be582b25ab2d5645772c2a5fb195e602ecdbf12b980656e436a

    SHA512

    df635d5d51cdea24885ae9f0406f317ddcf04ecb6bfa26579bb2e256c457057607844ded4b52ff1f5ca25abe29d1eb2b20f1709cf19035d3829f36bbe31f550f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30402\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    20KB

    MD5

    74c264cffc09d183fcb1555b16ea7e4b

    SHA1

    0b5b08cdf6e749b48254ac811ca09ba95473d47c

    SHA256

    a8e2fc077d9a7d2faa85e1e6833047c90b22c6086487b98fc0e6a86b7bf8bf09

    SHA512

    285afbcc39717510ced2ed096d9f77fc438268ecaa59cff3cf167fcc538e90c73c67652046b0ee379e0507d6e346af79d43c51a571c6dd66034f9385a73d00d1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30402\python39.dll
    Filesize

    4.3MB

    MD5

    2135da9f78a8ef80850fa582df2c7239

    SHA1

    aac6ad3054de6566851cae75215bdeda607821c4

    SHA256

    324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

    SHA512

    423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI30402\ucrtbase.dll
    Filesize

    1.1MB

    MD5

    3b337c2d41069b0a1e43e30f891c3813

    SHA1

    ebee2827b5cb153cbbb51c9718da1549fa80fc5c

    SHA256

    c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

    SHA512

    fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI30402\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    20KB

    MD5

    cb39eea2ef9ed3674c597d5f0667b5b4

    SHA1

    c133dc6416b3346fa5b0f449d7cc6f7dbf580432

    SHA256

    1627b921934053f1f7d2a19948aee06fac5db8ee8d4182e6f071718d0681f235

    SHA512

    2c65014dc045a2c1e5f52f3fea4967d2169e4a78d41fe56617ce9a4d5b30ebf25043112917ff3d7d152744ddef70475937ae0a7f96785f97dcefafe8e6f14d9c

    Download Submit