Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

d048f1566e...f4.exe

windows7-x64

4

d048f1566e...f4.exe

windows10-2004-x64

4

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$TEMP/GMIn...er.exe

windows7-x64

4

$TEMP/GMIn...er.exe

windows10-2004-x64

4

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Firewall.exe

windows7-x64

6

Firewall.exe

windows10-2004-x64

6

GamesManager.exe

windows7-x64

3

GamesManager.exe

windows10-2004-x64

3

Uninstaller.exe

windows7-x64

4

Uninstaller.exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

browser_cef_dll.dll

windows7-x64

3

browser_cef_dll.dll

windows10-2004-x64

3

browser_cef_exe.exe

windows7-x64

3

browser_cef_exe.exe

windows10-2004-x64

3

cef.js

windows7-x64

3

cef.js

windows10-2004-x64

3

cef_100_percent.js

windows7-x64

3

cef_100_percent.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d048f1566e130d44e21c475e24847b2614f29e2877a00f7d39997ab24d43ecf4.exe

  • Size

    43.3MB

  • Sample

    240927-b7snka1hpf

  • MD5

    48eb6e52b1ba50c64e6446da58b11c94

  • SHA1

    76d6c51a4ec7c8ba803c1d775106493ad58bdccf

  • SHA256

    d048f1566e130d44e21c475e24847b2614f29e2877a00f7d39997ab24d43ecf4

  • SHA512

    bc27f8e17a0a7581882563beff2da6a7fcedad58b43cdb988a2d6a3baf0560b4bd0b263b0836d75bd56a36a5e456f2489ac29e6fb2264b328bb0502f8d4d8cbc

  • SSDEEP

    786432:07MTTN3VZFUwsX0GMZNHCvFh6ylXVijevA3nwjDcLdMn/TP/:jfN3VZy0GMrHCth6iXwA28P/

Score
6/10
discoveryevasionexecutionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      d048f1566e130d44e21c475e24847b2614f29e2877a00f7d39997ab24d43ecf4.exe

    • Size

      43.3MB

    • MD5

      48eb6e52b1ba50c64e6446da58b11c94

    • SHA1

      76d6c51a4ec7c8ba803c1d775106493ad58bdccf

    • SHA256

      d048f1566e130d44e21c475e24847b2614f29e2877a00f7d39997ab24d43ecf4

    • SHA512

      bc27f8e17a0a7581882563beff2da6a7fcedad58b43cdb988a2d6a3baf0560b4bd0b263b0836d75bd56a36a5e456f2489ac29e6fb2264b328bb0502f8d4d8cbc

    • SSDEEP

      786432:07MTTN3VZFUwsX0GMZNHCvFh6ylXVijevA3nwjDcLdMn/TP/:jfN3VZy0GMrHCth6iXwA28P/

    Score
    4/10
    discoveryspywarestealer
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      25KB

    • MD5

      e7ebd034dacf96fcc0c7a35c62477d21

    • SHA1

      cd372d0607d94b48ac84a1738ed434df4d882f22

    • SHA256

      dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2

    • SHA512

      df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3

    • SSDEEP

      384:N8H7SlBWLj3TKkbZvnprdzke+Bj9e9dEaY/ZwceyekskO5GmO8V:NkrKABprOeQAvEassk+GmO8V

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $TEMP/GMInstaller/GamesManagerInstaller.exe

    • Size

      43.2MB

    • MD5

      fc633da3b56a184f90c207cd2a83093e

    • SHA1

      1f1f7da7fbdbe4f9149a92a4e43e33010127a3e6

    • SHA256

      6b8f12f25efdd9e6c9b2dc88035ba03de5568753fde37a1d551d6d45bb867705

    • SHA512

      b385842e3c28ecb1acaaa52dfef9a1d1e87bb9bfb94c68a4a02d07f2bfc59fda2b929f11a07fa7f4475b7935d6bf814eedc6da7bf4fe804e540e4568d4984cb6

    • SSDEEP

      786432:Y3n1671aoxbsaqDX8SoZhYEYOvHcq0HDukMqXrPOLPIte0z9:4w71aoheX8xZhbYOvcXnicz9

    Score
    4/10
    discovery
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      25KB

    • MD5

      e7ebd034dacf96fcc0c7a35c62477d21

    • SHA1

      cd372d0607d94b48ac84a1738ed434df4d882f22

    • SHA256

      dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2

    • SHA512

      df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3

    • SSDEEP

      384:N8H7SlBWLj3TKkbZvnprdzke+Bj9e9dEaY/ZwceyekskO5GmO8V:NkrKABprOeQAvEassk+GmO8V

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      bf712f32249029466fa86756f5546950

    • SHA1

      75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

    • SHA256

      7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

    • SHA512

      13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

    • SSDEEP

      192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      Firewall.exe

    • Size

      101KB

    • MD5

      6c38755392d50a1fd40339a1e0c890b6

    • SHA1

      ccbd98910147e1b4d3d8c1c99c03e6b03480e923

    • SHA256

      e39b2ddc59e30fd880d3bb1ad7bac4b7f03b66f84f948fe5c158b291ab8b25e4

    • SHA512

      c2c926151226ccc93ca34a049c984e7696f0ba83863bbcd32fead26d9d3fd1a5913f3a4f1f8cb6588edd17e421743a682744569012d0c3a8d2d5925cadf9acd3

    • SSDEEP

      1536:lGarUa6LowvuhdNYh2Gf9rg6hzGPnJCw1Zdr7HiNTXYlZ63uCk7U1Xap24KOQ+8n:b5BuYAVrgUCPnJCidvKTXnuXoaKlDb

    Score
    6/10
    discoveryevasionpersistenceprivilege_escalation
    behavioral13behavioral14

    • Target

      GamesManager.exe

    • Size

      3.7MB

    • MD5

      ff948b22cb83729c3825101e506319f2

    • SHA1

      c1f8f7f7241465a378740cf14c3003818855d8c2

    • SHA256

      4498cac4be3beb2f0733ab6e0d5a3add87270920a4ef08a7f82f46f98fa1cc2a

    • SHA512

      81cf71f9571df6905309edd770ebdb9170b1a1d678bd1187100e43e8f336934080cfeb59558c2d18f05a110d6be2e9860d29419bf2831cb9108495af6538cfd7

    • SSDEEP

      49152:eoG0mRnBkkHKcLHrJHiUaXaUaB5Er1DchTPbuG1FIU93a/+DhxYmQ6:eoG0hkHK69XUWMG1FIU93a/6

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      Uninstaller.exe

    • Size

      254KB

    • MD5

      4bb4437671cf20d1e664c20ec1fc1ed9

    • SHA1

      b0254bc629a0d173b30ea9ac6c3c059e5bb3cdd5

    • SHA256

      bbd535e9e5de50297eeb3dff5ea6368dda6f6cd5887eddadb529f2f6cbd1046f

    • SHA512

      d42839eecc83be0ff83c0169caa2e1dae867af6f70efc9b5bfd3f49061ca1dad98df9eeba65b6a34ba7079cecf227ad0767e7d98e62dfdad01ed539030487bae

    • SSDEEP

      3072:z5BuYAVrgUCPnKOfKjMbE4AuiU4ZwR+ORD52dtLjQXIygn1gxAJ811xQ1K9MwLTr:z50gUC5iYbE4A9xZwIkwXLjQPRXnU+N

    Score
    4/10
    discovery
    behavioral17behavioral18

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      89351a0a6a89519c86c5531e20dab9ea

    • SHA1

      9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

    • SHA256

      f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

    • SHA512

      13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

    • SSDEEP

      384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0

    Score
    3/10
    discovery
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      a1cd3f159ef78d9ace162f067b544fd9

    • SHA1

      72671fdf4bfeeb99b392685bf01081b4a0b3ae66

    • SHA256

      47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

    • SHA512

      ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

    • SSDEEP

      48:apTVWFeApYx2lxaKe3yfeEIWCGWNpBWLGGrx3pMt4z8mtJ7HofYZVSLa:RFG0xaKkyfjIWTW7BYrhSbmtJ7/V

    Score
    3/10
    discovery
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    discovery
    behavioral23behavioral24

    • Target

      browser_cef_dll.dll

    • Size

      601KB

    • MD5

      2886539265edda0fbc220a5ee7df3236

    • SHA1

      a7675360a37eccf8543c76b9293763c81ef19096

    • SHA256

      d39dfed8b0e55be1681dceafbced7cbb485e5336d4618b08d878e32ff9ed4ddc

    • SHA512

      9b4fbd0019370ba214ef316364a22015cabd92338dc22b3aac300b8e052dc1b7ab1237b0d3c2110c05c8df9014c2ba0e3a83c7166345dc7faf52a24f7a4c3b60

    • SSDEEP

      12288:sNAJx1t2HOC4N18+ygpZimw8e5DxI1pRfr:mAv2uCQ18LpFINfr

    Score
    3/10
    discovery
    behavioral25behavioral26

    • Target

      browser_cef_exe.exe

    • Size

      545KB

    • MD5

      2e965cab13feaf3594366eac83181896

    • SHA1

      7eeca2aeef4202790d4d7dc4576f9d98311a7e1d

    • SHA256

      bff3225a85cc239fa44ba988025dfc63c368e16e3218c528139513e1328b0a37

    • SHA512

      a77fe8bbe5dda259702aacab49acd2b3bc27759ccc00e0a0fb249f639d60af147e95b4db3ab19e6f7d22b25032bdbb0d09cf4806b9cd42ea0ccfb60fc6fb8062

    • SSDEEP

      6144:Jj6z6ocKeUB+GsU2P3AOZXH1DDYr+ZMgpZimw8e5DxIwDP1uBm:JC6tKBtB2/718+ygpZimw8e5DxIcQBm

    Score
    3/10
    discovery
    behavioral27behavioral28

    • Target

      cef.pak

    • Size

      3.9MB

    • MD5

      b821bc1fad6081ce1ede779c7b239d0a

    • SHA1

      3ddce293acea7ecad12ac6c7d33fb817154b61cb

    • SHA256

      defe5e079533ea9c2634e13621734ab3f773d402ca61a4e6360026ef2bf1d9e2

    • SHA512

      087aff63cc51b7080086a9fade2947abfa53f4d435ef4ef007e16c1d620287b6818e7609d996143b6cfc28d5d7a71ad666bc872f07bac534f2c39192e94543cd

    • SSDEEP

      49152:cI5ifRQsYa2qSdHfick5qkJoYA4+uug+UwJbeuR/oSHPFolWhHPeJ5RSzWavXUgE:ZQeuur9v2LxYz5v8j2ohP

    Score
    3/10
    execution
    behavioral29behavioral30

    • Target

      cef_100_percent.pak

    • Size

      557KB

    • MD5

      b025965acef260b5eb1b437c6299fdde

    • SHA1

      1cca2181ae80e3780100b810554181481cb8cc5e

    • SHA256

      18418cf413ce931872d7709b06c72c6038ebcaa24b7cd65077bc76a7460adc6d

    • SHA512

      93ac74fa29e1b34563871ac4b73916d0b7912a90bae55b7caa3e6a8f78e93c101bdf3197c929f20031b3f45676f00020ea5c6b241d2cefad91f7c848cdbf692b

    • SSDEEP

      6144:J6z/PPQ1MHMvfTm7bDlIdM/7OV71Ywlst+:g/SLeDFj8ct+

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

JavaScript

1
T1059.007

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

discoveryspywarestealer
Score
4/10

behavioral2

discoveryspywarestealer
Score
4/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
4/10

behavioral6

discovery
Score
4/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discoveryevasionpersistenceprivilege_escalation
Score
6/10

behavioral14

discoveryevasionpersistenceprivilege_escalation
Score
6/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
4/10

behavioral18

discovery
Score
4/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10