Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3setup.exe
windows7-x64
7setup.exe
windows10-2004-x64
10$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3LICENSES.c...m.html
windows7-x64
3LICENSES.c...m.html
windows10-2004-x64
3d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/elevate.exe
windows7-x64
3resources/elevate.exe
windows10-2004-x64
3vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1xxd.exe
windows7-x64
1xxd.exe
windows10-2004-x64
9$PLUGINSDI...7z.dll
windows7-x64
3$PLUGINSDI...7z.dll
windows10-2004-x64
3General
-
Target
setup.bat
-
Size
77.4MB
-
Sample
240914-c9bcqsshjr
-
MD5
c5257fcbbdf29f27905a5500ba074fbb
-
SHA1
83a0381e09edcb9e3fd1f6bec9792c2ea831f728
-
SHA256
d1d620a61f00160ea1d9688cbd1a9455f5e77a539f456922abb0ba251fd296e8
-
SHA512
91f9fab707e710760cebf5f3e478b3baf994abfae823dd9364e456d916c8d1a03a03a877adc876cdc4a99a5be6de2ce29f1922c7794be9ecec6bae93ad871d1e
-
SSDEEP
1572864:L4gPXMorgRZKku2vOmdMdQPjjXzjCKQTtuvC+qTSzPY1rc7:L4AcGgRZ2mCdQLzCHkKn+7
Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
LICENSES.chromium.html
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
LICENSES.chromium.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
ffmpeg.dll
Resource
win7-20240708-en
Behavioral task
behavioral11
Sample
ffmpeg.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
libEGL.dll
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
libEGL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
libGLESv2.dll
Resource
win7-20240903-en
Behavioral task
behavioral15
Sample
libGLESv2.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
resources/elevate.exe
Resource
win7-20240704-en
Behavioral task
behavioral17
Sample
resources/elevate.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
vk_swiftshader.dll
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
vk_swiftshader.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral20
Sample
vulkan-1.dll
Resource
win7-20240903-en
Behavioral task
behavioral21
Sample
vulkan-1.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral22
Sample
xxd.exe
Resource
win7-20240903-en
Behavioral task
behavioral23
Sample
xxd.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240729-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
setup.bat
-
Size
77.4MB
-
MD5
c5257fcbbdf29f27905a5500ba074fbb
-
SHA1
83a0381e09edcb9e3fd1f6bec9792c2ea831f728
-
SHA256
d1d620a61f00160ea1d9688cbd1a9455f5e77a539f456922abb0ba251fd296e8
-
SHA512
91f9fab707e710760cebf5f3e478b3baf994abfae823dd9364e456d916c8d1a03a03a877adc876cdc4a99a5be6de2ce29f1922c7794be9ecec6bae93ad871d1e
-
SSDEEP
1572864:L4gPXMorgRZKku2vOmdMdQPjjXzjCKQTtuvC+qTSzPY1rc7:L4AcGgRZ2mCdQLzCHkKn+7
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
100KB
-
MD5
c6a6e03f77c313b267498515488c5740
-
SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15
-
SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
-
SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
-
SSDEEP
3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
LICENSES.chromium.html
-
Size
8.8MB
-
MD5
2675b30d524b6c79b6cee41af86fc619
-
SHA1
407716c1bb83c211bcb51efbbcb6bf2ef1664e5b
-
SHA256
6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081
-
SHA512
3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485
-
SSDEEP
24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek
Score3/10 -
-
-
Target
d3dcompiler_47.dll
-
Size
4.7MB
-
MD5
2191e768cc2e19009dad20dc999135a3
-
SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a
-
SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
-
SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
-
SSDEEP
49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score1/10 -
-
-
Target
ffmpeg.dll
-
Size
2.8MB
-
MD5
208e7af956a0803900125bdc11a3ecf2
-
SHA1
1bd84174194485da634bf8b3af0a78e236316a8e
-
SHA256
d863c8a26744703f2d12c674b45c87d8b34e21efce169d4797b57964d168b077
-
SHA512
76937999a21391107d9ebcfd66c7a2ca967cc7cac7aeb2b15bbeca6b546423a3d5c83969ef151c95d916d5a9f653573cd59d05110566d52a5c2679059c4d4ec3
-
SSDEEP
49152:9F5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQUSCu:9FvSkJXv+tiLAD0+DUS5
Score1/10 -
-
-
Target
libEGL.dll
-
Size
477KB
-
MD5
1b74f7e2b5d44ac10a89a5cf206630a8
-
SHA1
dd2e816e315b6a6a271fb01dc12163d9936c77c4
-
SHA256
662746a02930c151c5cab2b1167a56c6ca78b44028448fda91182147856edfed
-
SHA512
246814e5fc157cf731e3ec3e1096922864b48a36cc5b1e5259ebd2e673fde5dc741ad600f69cd80e1544ee12438f7cc6f208add894b5e02ac5e2c87d0b3933a8
-
SSDEEP
6144:38hd1BSjuMmof2SEXVVfgV8hxN7h2NwIEOg51f0FticyQ:38DXSjZmof2SEsmN12NwIE7f0FticyQ
Score1/10 -
-
-
Target
libGLESv2.dll
-
Size
7.3MB
-
MD5
596379ba25b32e95b5ec3cd8028b291b
-
SHA1
af61b5d29db91997e29ffed8a410d09ce74ee51e
-
SHA256
d5e1d7b8531a0f4ab576ba6f78d4c63b39186a2830d313c6695f0024c9ef627a
-
SHA512
f8835b455820c77b4ba509c326a185bf65131242161498229c5e3584a0e7789324932b95678556a657440deaf067ead454e85bf8233efa24162e7e4d9eaf417b
-
SSDEEP
98304:AwY1sQqaLe2Egto8U4r5Pp6TlITQZ38W888888888tb8dii:vNaSgtvroZ8
Score1/10 -
-
-
Target
resources/elevate.exe
-
Size
105KB
-
MD5
792b92c8ad13c46f27c7ced0810694df
-
SHA1
d8d449b92de20a57df722df46435ba4553ecc802
-
SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
-
SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
-
SSDEEP
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score3/10 -
-
-
Target
vk_swiftshader.dll
-
Size
4.9MB
-
MD5
f16c36ae369609497bfd0847889bec63
-
SHA1
5dca218bf0b2a20d7d027fa10fdb1b8152564fe4
-
SHA256
4488a958418227fbe6f64898c2f85eefd87fc9e46aea457233b38db8a86e944d
-
SHA512
9f06f4a318c8a3e2fdccb6d983087184cff37a2b79e0c1e85b3ac8e45695454c4aacb4468593ebbfff64739b0d598ba4d1d9dd94187b1bbd82c1369c62781109
-
SSDEEP
49152:56h3a0f1ABi1jP9LoS8lne0Zv8EgHI7JXYN3bgFNmEgMYmz2qA0Mr7wsVUsNCOzZ:sh3aMXoSHfPwksHldLiuNr
Score1/10 -
-
-
Target
vulkan-1.dll
-
Size
931KB
-
MD5
0a8150e85160ea4311ddbd5b2d1b0b1b
-
SHA1
a012b8886ec9f305ff4a055ccddd5fc1f6045869
-
SHA256
0d56a41bead58fd5fee44b2ee60485d4c80a3a639acc42cfc57c8e059078dfe0
-
SHA512
d2d853d072ae7ac6871c880f164eeaa6300d9f951de3aacb4d65195407aa4a1ef18b9beae14b7eda0936e4fca5fb56b65038370d8e349893f3c8027526415921
-
SSDEEP
24576:xYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7so:xY65/M387R56Z5WoDYsHY6g3P0zAk7s
Score1/10 -
-
-
Target
xxd.exe
-
Size
164.7MB
-
MD5
3b8f4adf61f01f882591e9e113d65acf
-
SHA1
b324ec054ea0e4654a9bfb3d297a49891b50b988
-
SHA256
5ebe1ef5b37f06a9a11482c424f5d8e5f9a7cc964c857dc7fe7e2cd284182ce5
-
SHA512
d517db7414c85476f98e26e4a1a99203e8fe74a9b7600d3085a7c28139bb5461a99cf0c8a7e3274429cf16bbfc806c2663b6eb5c3535d71e4bc30a0b1746ca5c
-
SSDEEP
1572864:63lB0RhDP7igv6wO+HkaN/xtpj56BZWua2T3jC0gqhd07YeRt6C1Bd1jKoUeKtQk:PPvt1x2z5m1ij
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Drops startup file
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
$PLUGINSDIR/nsis7z.dll
-
Size
424KB
-
MD5
80e44ce4895304c6a3a831310fbf8cd0
-
SHA1
36bd49ae21c460be5753a904b4501f1abca53508
-
SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
-
SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
-
SSDEEP
6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score3/10 -
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Access Token Manipulation
1Create Process with Token
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Access Token Manipulation
1Create Process with Token
1File and Directory Permissions Modification
1Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1