Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
3Lorydos.exe
windows11-21h2-x64
8$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3Installer.exe
windows11-21h2-x64
1LICENSES.c...m.html
windows11-21h2-x64
8d3dcompiler_47.dll
windows11-21h2-x64
1ffmpeg.dll
windows11-21h2-x64
1libEGL.dll
windows11-21h2-x64
1libGLESv2.dll
windows11-21h2-x64
1resources/...dex.js
windows11-21h2-x64
3resources/...pi.dll
windows11-21h2-x64
1resources/...act.js
windows11-21h2-x64
3sqlite-aut...llback
windows11-21h2-x64
3sqlite-aut...ace.js
windows11-21h2-x64
3sqlite-aut...al.ps1
windows11-21h2-x64
3sqlite-aut...re.vbs
windows11-21h2-x64
1sqlite-aut...all-sh
windows11-21h2-x64
1sqlite-aut...ain.sh
windows11-21h2-x64
3sqlite-aut...re.vbs
windows11-21h2-x64
1sqlite-aut...ure.ac
windows11-21h2-x64
3sqlite-aut...all-sh
windows11-21h2-x64
1resources/...e3.dll
windows11-21h2-x64
1resources/...ing.js
windows11-21h2-x64
3resources/...te3.js
windows11-21h2-x64
3resources/...ace.js
windows11-21h2-x64
3resources/...kup.js
windows11-21h2-x64
3resources/elevate.exe
windows11-21h2-x64
3swiftshade...GL.dll
windows11-21h2-x64
1swiftshade...v2.dll
windows11-21h2-x64
1vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...7z.dll
windows11-21h2-x64
3Analysis
-
max time kernel
439s -
max time network
1163s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
14/09/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
Lorydos.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Installer.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
LICENSES.chromium.html
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
d3dcompiler_47.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
ffmpeg.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
libEGL.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
libGLESv2.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
sqlite-autoconf-3410100/Makefile.fallback
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
sqlite-autoconf-3410100/Replace.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
sqlite-autoconf-3410100/aclocal.ps1
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
sqlite-autoconf-3410100/configure.vbs
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
sqlite-autoconf-3410100/install-sh
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
sqlite-autoconf-3410100/ltmain.sh
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
sqlite-autoconf-3410100/tea/configure.vbs
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
sqlite-autoconf-3410100/tea/configure.ac
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
sqlite-autoconf-3410100/tea/tclconfig/install-sh
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-win32-unknown-x64/node_sqlite3.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3-binding.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/trace.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
resources/app.asar.unpacked/node_modules/sqlite3/src/backup.js
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
resources/elevate.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
swiftshader/libEGL.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
swiftshader/libGLESv2.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
vk_swiftshader.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
vulkan-1.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
Installer.exe
-
Size
120.4MB
-
MD5
36d0b5b1ed9a76523d7279752d995b9a
-
SHA1
a555ca2f60a5c80b145c5405002fa3e1b29268a8
-
SHA256
fc3146019e85fad7a1d2e2049fc7c45105d3cd337d2531967829103d87fe6bb3
-
SHA512
bd1312889a51dbf716001084a972bdbfbb0c44260adcb54c593bef078a394bc494dbc34a8a87a6d908674745c85d27fd9fe1c44f56636f8e60190ddf88bae3c9
-
SSDEEP
1572864:a1f0+Sva7Hdp1Nhn+aCdrvdYrZ/7/lbg8udR8SnuSE49z:3asulbg8yTnbEOz
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4052 Installer.exe 4052 Installer.exe 2780 Installer.exe 2780 Installer.exe 2780 Installer.exe 2780 Installer.exe -
Suspicious use of WriteProcessMemory 44 IoCs
description pid Process procid_target PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 564 3332 Installer.exe 78 PID 3332 wrote to memory of 4052 3332 Installer.exe 79 PID 3332 wrote to memory of 4052 3332 Installer.exe 79 PID 3332 wrote to memory of 2780 3332 Installer.exe 81 PID 3332 wrote to memory of 2780 3332 Installer.exe 81
Processes
-
C:\Users\Admin\AppData\Local\Temp\Installer.exe"C:\Users\Admin\AppData\Local\Temp\Installer.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3332 -
C:\Users\Admin\AppData\Local\Temp\Installer.exe"C:\Users\Admin\AppData\Local\Temp\Installer.exe" --type=gpu-process --field-trial-handle=1604,14917001817448343847,13398579759565474578,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1592 /prefetch:22⤵PID:564
-
-
C:\Users\Admin\AppData\Local\Temp\Installer.exe"C:\Users\Admin\AppData\Local\Temp\Installer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,14917001817448343847,13398579759565474578,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2004 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4052
-
-
C:\Users\Admin\AppData\Local\Temp\Installer.exe"C:\Users\Admin\AppData\Local\Temp\Installer.exe" --type=gpu-process --field-trial-handle=1604,14917001817448343847,13398579759565474578,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2780
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4728