Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
9Static
static
3FiddlerSet...st.exe
windows7-x64
9FiddlerSet...st.exe
windows10-2004-x64
9$PLUGINSDI...up.exe
windows7-x64
9$PLUGINSDI...up.exe
windows10-2004-x64
9$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analytics.dll
windows7-x64
1Analytics.dll
windows10-2004-x64
1Be.Windows...ox.dll
windows7-x64
1Be.Windows...ox.dll
windows10-2004-x64
1DotNetZip.dll
windows7-x64
1DotNetZip.dll
windows10-2004-x64
1EnableLoopback.exe
windows7-x64
3EnableLoopback.exe
windows10-2004-x64
7ExecAction.exe
windows7-x64
1ExecAction.exe
windows10-2004-x64
1FSE2.exe
windows7-x64
3FSE2.exe
windows10-2004-x64
3Fiddler.exe
windows7-x64
1Fiddler.exe
windows10-2004-x64
3ForceCPU.exe
windows7-x64
1ForceCPU.exe
windows10-2004-x64
1GA.Analyti...or.dll
windows7-x64
1GA.Analyti...or.dll
windows10-2004-x64
1ImportExpo...ts.dll
windows7-x64
1ImportExpo...ts.dll
windows10-2004-x64
1ImportExpo...rt.dll
windows7-x64
1ImportExpo...rt.dll
windows10-2004-x64
1Inspectors...on.dll
windows7-x64
1Inspectors...on.dll
windows10-2004-x64
1Inspectors...or.dll
windows7-x64
1Inspectors...or.dll
windows10-2004-x64
1General
-
Target
FiddlerSetup.5.0.20242.10753-latest.exe
-
Size
4.4MB
-
Sample
241010-l2tnsaygkk
-
MD5
78537045a5e032d4ac93514f027c7a47
-
SHA1
5b6e705b20652c0cf39ee890013b9b8e8ad26b07
-
SHA256
06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
-
SHA512
8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
-
SSDEEP
98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO
Static task
static1
Behavioral task
behavioral1
Sample
FiddlerSetup.5.0.20242.10753-latest.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
FiddlerSetup.5.0.20242.10753-latest.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FiddlerSetup.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FiddlerSetup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Analytics.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Analytics.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Be.Windows.Forms.HexBox.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
Be.Windows.Forms.HexBox.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
DotNetZip.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
DotNetZip.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
EnableLoopback.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
EnableLoopback.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
ExecAction.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
ExecAction.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
FSE2.exe
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
FSE2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Fiddler.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Fiddler.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
ForceCPU.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
ForceCPU.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
GA.Analytics.Monitor.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
GA.Analytics.Monitor.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
ImportExport/BasicFormats.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
ImportExport/BasicFormats.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
ImportExport/VSWebTestExport.dll
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
ImportExport/VSWebTestExport.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Inspectors/QWhale.Common.dll
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
Inspectors/QWhale.Common.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Inspectors/QWhale.Editor.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
Inspectors/QWhale.Editor.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
FiddlerSetup.5.0.20242.10753-latest.exe
-
Size
4.4MB
-
MD5
78537045a5e032d4ac93514f027c7a47
-
SHA1
5b6e705b20652c0cf39ee890013b9b8e8ad26b07
-
SHA256
06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
-
SHA512
8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
-
SSDEEP
98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/FiddlerSetup.exe
-
Size
4.3MB
-
MD5
5d96b95b066d797c7c468d125882ddcf
-
SHA1
8a130db5e4f6207b70939c5007d6689c22378c7d
-
SHA256
7ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe
-
SHA512
fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a
-
SSDEEP
98304:uB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:uRdnRkgCNGyJ/IJYR7vsOKwGYO
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
4add245d4ba34b04f213409bfe504c07
-
SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
-
SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
-
SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
SSDEEP
192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score3/10 -
-
-
Target
Analytics.dll
-
Size
32KB
-
MD5
1c2bd080b0e972a3ee1579895ea17b42
-
SHA1
a09454bc976b4af549a6347618f846d4c93b769b
-
SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
-
SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
SSDEEP
384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score1/10 -
-
-
Target
Be.Windows.Forms.HexBox.dll
-
Size
60KB
-
MD5
e6f7b8c5ec4d1543eaa7f5d148c6327c
-
SHA1
61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
-
SHA256
bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
-
SHA512
6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
-
SSDEEP
1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score1/10 -
-
-
Target
DotNetZip.dll
-
Size
449KB
-
MD5
11bbdf80d756b3a877af483195c60619
-
SHA1
99aca4f325d559487abc51b0d2ebd4dca62c9462
-
SHA256
698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
-
SHA512
ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
-
SSDEEP
6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff
Score1/10 -
-
-
Target
EnableLoopback.exe
-
Size
82KB
-
MD5
ea240c9d733ad54a79faaca19ba8d376
-
SHA1
2c1d1b3aa6aec6e6e7af7f64637029971a37ba77
-
SHA256
2c2aa55ab99b5a34eb78ded93e46c4d5fef44077847281e124473c20de5cf165
-
SHA512
d3815bf7b5af7aa5dbf717f404bdac9538adeaff57cf6ec38c3724d7179fb1f31231009941a671bdd15516e47ff346afa8738bc399c4e57cb840def6821f6464
-
SSDEEP
768:JyEI16zcI2eTcvE+m/ljPb0O7/Al25znrSh7A+g4CqnZ86qmmlk8x3Oqxf1mlZxd:K1H50wOLFzrSh7QwZhxmlk8xDfInfZ
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
ExecAction.exe
-
Size
19KB
-
MD5
519310853c0ee273a3f8787d7518dd2e
-
SHA1
22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
-
SHA256
a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
-
SHA512
30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
-
SSDEEP
192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score1/10 -
-
-
Target
FSE2.exe
-
Size
50KB
-
MD5
7a8df7276257139271a09a8947da44e5
-
SHA1
965c788156e2e29b6d1012430afee0cad13093b0
-
SHA256
8b0b9859af32d467fb7031ac8164779ffdb274cdaff959d89d11a65a365c8e12
-
SHA512
2769f62f0de76726c33cb0eae42c933806ddceae6c1f97d16302c575a8955fe33d4388824ca2a2c1269b09755e42b82fa5dceca825bd19e3e83ed43f97ca1f79
-
SSDEEP
768:ShiPG/qCn02KhWZH8Ufrg04g0r/pECkG9wR:KzrnKhWZH5frgc1R
Score3/10 -
-
-
Target
Fiddler.exe
-
Size
3.5MB
-
MD5
32cf2e7c6ae825d5f7cb2a7d39c2ee24
-
SHA1
262176d879e7727375025cae4aafc90698adad26
-
SHA256
d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5
-
SHA512
a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2
-
SSDEEP
49152:0Ms91NvXsJm+5Tti9og1fcaufet3YG5kCTnEsRH0jgB3:RsfNvXsJm+5TtiTMfeJnEsRHAgt
Score3/10 -
-
-
Target
ForceCPU.exe
-
Size
19KB
-
MD5
b982a103b0d4e0db856026a163124bf3
-
SHA1
40772be00068bbd394ff0fccd551151a822f3e70
-
SHA256
2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
-
SHA512
214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
-
SSDEEP
192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score1/10 -
-
-
Target
GA.Analytics.Monitor.dll
-
Size
52KB
-
MD5
6f9e5c4b5662c7f8d1159edcba6e7429
-
SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6
-
SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
-
SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
SSDEEP
768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score1/10 -
-
-
Target
ImportExport/BasicFormats.dll
-
Size
112KB
-
MD5
c9082ffd90962aac6d73d4f15d6803cb
-
SHA1
c22fc9a534c9560870c9a0a8d7c694788c69fa8c
-
SHA256
7f3ea7caf5d43f610b9ad20f3f09796847e4b8f4582dc6ff94029194e8905e0a
-
SHA512
96bf93650a007c1dbf197a849977b8bb574fa89fd9eb316f906f46b2194473347ecacbab572a4dfb7ffe0987d44caa29312a7b1fbc3d8f14a6a0bda14e5e86e2
-
SSDEEP
3072:z5zlHe5PmFt6DRIn9TQupG9c1rERA1TenjV++HOHbIE:rlUJ2g
Score1/10 -
-
-
Target
ImportExport/VSWebTestExport.dll
-
Size
44KB
-
MD5
7ee8a7354eff978914cfbe88620fa15f
-
SHA1
28cb0017666f583011e4cdc28496359d0ef2721f
-
SHA256
4b990716c98167940986b1d219ea7d60bc8ff11eb0a325cf52f8706d2759a32d
-
SHA512
8db5641837a64b3310f7b05ebb648c5bab2d8b51afabbdc5fe08011eb664516c0ca9e1bec8520870f121cb3a2b62c380933684237a2810f096fb70065a55abb8
-
SSDEEP
768:HbJ9YyrdngCT7Enn/IRXILJtGiU83aT7TTox1qxf1mlZxfmK:FyEI/LtrU83aXoxKfInfm
Score1/10 -
-
-
Target
Inspectors/QWhale.Common.dll
-
Size
192KB
-
MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a
-
SHA1
593077c0d921df0819d48b627d4a140967a6b9e0
-
SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
-
SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
SSDEEP
1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score1/10 -
-
-
Target
Inspectors/QWhale.Editor.dll
-
Size
816KB
-
MD5
eaa268802c633f27fcfc90fd0f986e10
-
SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
-
SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
-
SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
SSDEEP
12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score1/10 -
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1