Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

HyperPlay-...1).exe

windows7-x64

4

HyperPlay-...1).exe

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

HyperPlay.exe

windows7-x64

1

HyperPlay.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dl.exe

windows7-x64

7

resources/...dl.exe

windows10-2004-x64

7

resources/...ry.exe

windows7-x64

7

resources/...ry.exe

windows10-2004-x64

7

resources/...d-0.js

windows7-x64

3

resources/...d-0.js

windows10-2004-x64

3

resources/...d-1.js

windows7-x64

3

resources/...d-1.js

windows10-2004-x64

3

resources/...d-2.js

windows7-x64

3

resources/...d-2.js

windows10-2004-x64

3

resources/...d-3.js

windows7-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/build/bin/win32/legendary.exe

  • Size

    8.0MB

  • MD5

    b1a5b3b4e07abfc2ee05060f22c1f5ce

  • SHA1

    20742af782f46c7ac1fd8ae082e2f6df118245bd

  • SHA256

    a9e49373c3e683bb6250fa3edb5c40f7d855799d4bdadc8bfeceebffda13e5f7

  • SHA512

    0de6522cc0b069c58334e52f768a6089c058bd0b53859262b0067292cba001e62b4b1d6832e71047fa5d71e5437463d4f33f41001619546106a4f0fbbf92b545

  • SSDEEP

    196608:2UQaoaQQ8Sf/MnfICteEroXx7IP0oTcMsABqlofymn1lGT06y3R:DQaoaQQd/gfInEroXOMogFABqS/14T0r

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe
    "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe
      "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe"
      2⤵
      • Loads dropped DLL
      PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\api-ms-win-core-file-l1-2-0.dll
    Filesize

    18KB

    MD5

    31e207b01e67b6563d2cf9110d06a1d2

    SHA1

    f12832e055c0f0d70fc44b4cb0215c17aa948332

    SHA256

    6b31a206c051815be9f7b366d2a9d2464747a56888a7307a924ecdac558271e1

    SHA512

    8a19324c8719ad6e7509de44fe79c6614c064daa47c4206a2b6ba4124b45bc4d8785cd51b8877c9ae5a1e0768ee1bba8f98e8d8c17b700aa8dadbd2801035a92

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\api-ms-win-core-file-l2-1-0.dll
    Filesize

    18KB

    MD5

    f2d12342c68e51aa748d4937f3ec7ded

    SHA1

    22368cebce89feb929004f73bd0f7236f7050e36

    SHA256

    6ba964ad55822f55eea14f73a48deb164b337639a82da677fc6efc1c539fe81e

    SHA512

    1e1440c97237716a6ac63e038d932edd0e7962230bfd6956b8aafa378b344daf92da696f0d1a57b0d71fef3722296b0d02f59b0fc9551e7944c445cc6b2b26a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    20KB

    MD5

    9b43f5733a98e5c6095996916f889987

    SHA1

    01ba4d84cb2adf3536c31b1c41375d141dcd2ba1

    SHA256

    2b7e6b54ebc2b9556e2f75e7372d4b2d16758f928b79395b8a55c7acdca93341

    SHA512

    b3497f31c155049c68b18d2f28383843bd8b8c078db119c07d63ec1900a6204e266a3bc1503734fd85c3766bddb25029880291e4f6060afe5df82717af6ae092

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    18KB

    MD5

    95b0eb891b1e869568a2bf9ab67eab0f

    SHA1

    09cf1cbb3089fc418eb933d1b4611cca0d4ad327

    SHA256

    5129795d6e0aeca2fa56aaa56d71d2e9809c2ad77c14265abcb51fe832105e00

    SHA512

    7b2a74278fb7e51242006dc1e60d0e7cc3ed763eb4e7ed7e9da87797ea81fdb05857de838b745fac03468f85c755fe86331746466c30f87f127172de5524f057

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    18KB

    MD5

    69d1c46b9927d1c7cad8dfb5e18ab7ab

    SHA1

    1917be91adb466085678ebe036643cb187a7f4d5

    SHA256

    23f035627abed3460e6dbe8436e5b608c7c30f69091011f655f10ee49ebfd282

    SHA512

    365dbc3811b9bc2417937e433b7b748080c3ca1f4fc1b361117db46fd9dcfe49d948407dca33ca75d307b0e7f7919cc3550caa16e6950f10b0f46d16cbd36172

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\python39.dll
    Filesize

    4.3MB

    MD5

    789b4ecbce732a7e8479e8909f097d16

    SHA1

    a79c2e1ca0ad675a48f3bba0fbdeff1b888f0e74

    SHA256

    8314174dacfc1c4f177be8266c78f147621cf577a39742642a76ec27e7b87b02

    SHA512

    b9b57ff21735c06f4b3957cdd5a3ab54602a7141f1792de52aea0e6fc41be957070b958ab75b1a26a302b6fb17a02e9a187ad289a6af0c72a5ade43b4bf06e6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI15002\ucrtbase.dll
    Filesize

    977KB

    MD5

    5b1c91b53ac3c3026d50de8c05aba139

    SHA1

    b9c2d160b1ce856d9904a340362236473a3d559c

    SHA256

    d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7

    SHA512

    8e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f

    Download Submit