Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
9Static
static
31999c56ab4...5N.exe
windows7-x64
91999c56ab4...5N.exe
windows10-2004-x64
9$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3General
-
Target
1999c56ab4a4e37c0c4b35f1a859926b1a5c082a12167106de4f955de3f83d25N
-
Size
4.8MB
-
Sample
241025-19vndawhrn
-
MD5
e1d7dfae08dca6d49b66d1db5cc86420
-
SHA1
372b9c07d696ce64a730c15024b703b5c4aface9
-
SHA256
1999c56ab4a4e37c0c4b35f1a859926b1a5c082a12167106de4f955de3f83d25
-
SHA512
c5ebff1cf9d4c84a00453c0d605da6bc5cbb7eb3d87073e0d7a460597e57fa15c4365c6451ddab570882366fc2eccf82d3c195d260285b59323789314a908bf8
-
SSDEEP
98304:6er41/K+t3tr1G3LeVAYA3NAEHZYhGOHsY07ZXLAPL+C3c1A:6es1CwVAlNAoYh/u5LArsW
Static task
static1
Behavioral task
behavioral1
Sample
1999c56ab4a4e37c0c4b35f1a859926b1a5c082a12167106de4f955de3f83d25N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1999c56ab4a4e37c0c4b35f1a859926b1a5c082a12167106de4f955de3f83d25N.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/WrapperUtils.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/WrapperUtils.dll
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
1999c56ab4a4e37c0c4b35f1a859926b1a5c082a12167106de4f955de3f83d25N
-
Size
4.8MB
-
MD5
e1d7dfae08dca6d49b66d1db5cc86420
-
SHA1
372b9c07d696ce64a730c15024b703b5c4aface9
-
SHA256
1999c56ab4a4e37c0c4b35f1a859926b1a5c082a12167106de4f955de3f83d25
-
SHA512
c5ebff1cf9d4c84a00453c0d605da6bc5cbb7eb3d87073e0d7a460597e57fa15c4365c6451ddab570882366fc2eccf82d3c195d260285b59323789314a908bf8
-
SSDEEP
98304:6er41/K+t3tr1G3LeVAYA3NAEHZYhGOHsY07ZXLAPL+C3c1A:6es1CwVAlNAoYh/u5LArsW
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
14KB
-
MD5
21010df9bc37daffcc0b5ae190381d85
-
SHA1
a8ba022aafc1233894db29e40e569dfc8b280eb9
-
SHA256
0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16
-
SHA512
95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e
-
SSDEEP
192:OFb8Y8oqy2mqZc9hGBQHRx39oRxmMvURkB/Fs:qb8Y8nKqohGBKxox9vURw/a
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
00a0194c20ee912257df53bfe258ee4a
-
SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2
-
SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
-
SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667
-
SSDEEP
192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score3/10 -
-
-
Target
$PLUGINSDIR/WrapperUtils.dll
-
Size
69KB
-
MD5
7a18f06f0935a9e98a14d47d77064573
-
SHA1
58b12858557fb39cf876b6e76e585cf581b53590
-
SHA256
422a61da2bedfdc8167cb022b4b5e0ff8588dc1e6bd40b3c4ba97588836f1b0f
-
SHA512
356fa81d066db57054d5477e96d12ca9a5e9639731c06d61dc320dc52bf6054f603523e2da3751a96a4608dc19c20868ed3573ccdf3d32bef025035770a434e6
-
SSDEEP
768:dJth4u4E/+yJnKl10V/LEWg1RwrBqIiUqP0C5NKZc1WGJ84sWjcdQ4no1O4v3oW+:giJnKlefVQIiqc1C4sWjcd8O4/oW+
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1