Overview score: 10/10
Static analysis score: 3/10
Task scores by sample and platform:
92ec0fdda5...fd.exe, windows7-x64: 10/10
92ec0fdda5...fd.exe, windows10-2004-x64: 10/10
$PLUGINSDI...em.dll, windows7-x64: 3/10
$PLUGINSDI...em.dll, windows10-2004-x64: 3/10
$PLUGINSDI...ec.dll, windows7-x64: 3/10
$PLUGINSDI...ec.dll, windows10-2004-x64: 3/10
$_2_/pingu...ll.exe, windows7-x64: 7/10
$_2_/pingu...ll.exe, windows10-2004-x64: 7/10

General
Target: 07bfab28b65a059dcb96c7ee7b0d3d66ab533049c7a537ce902665720bb47249
Size: 204KB
Sample: 241121-yme83azpen
MD5: 38f465924299f11447930a236933eceb
SHA1: c85474277c43c25719e76ffd8778b18e3c479dd7
SHA256: 07bfab28b65a059dcb96c7ee7b0d3d66ab533049c7a537ce902665720bb47249
SHA512: 950b841e42e541eac794d9f845e072c46507be9b0a00e1b6297124ac43c80954ff1671314c130442d5ea2ae910c305adabf734dc8454b5540926ca383d1af8af
SSDEEP: 3072:db60u4NKg+27UGMcH7fdaqRBsFte38g1HLCyfDcEiTyoPOTfqa:db6n4N3BUI7BsFte38g1rfcELp
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: 92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd.exe, win7-20240903-en
behavioral2: 92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd.exe, win10v2004-20241007-en
behavioral3: $PLUGINSDIR/System.dll, win7-20240903-en
behavioral4: $PLUGINSDIR/System.dll, win10v2004-20241007-en
behavioral5: $PLUGINSDIR/nsExec.dll, win7-20240729-en
behavioral6: $PLUGINSDIR/nsExec.dll, win10v2004-20241007-en
behavioral7: $_2_/pinguino-uninstall.exe, win7-20240903-en
behavioral8: $_2_/pinguino-uninstall.exe, win10v2004-20241007-en
Malware Config
Extracted: xloader, version 2.3, pb93
Targets

Target: 92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd
Size: 216KB
MD5: d3e4488ee4f30b87b4ff5aa8d517f526
SHA1: 1113830356c3c941f5e7cbbb6e546b2d1401ced0
SHA256: 92ec0fdda57232d435885971959cc65ede66e19f7ea7673798e97344008369fd
SHA512: d6a06dab2949b18b928d91ff226c86bc4b2a2963f595a2db4a00c02fce71a46e8e98bdfc4e1d4d7b2f77e2526eef320f25d786bc2f699f1f732992634e25d100
SSDEEP: 6144:gsu5HeyqxoIzX9ZP9GlA4DgIuuZyQXTxWXrI:25QiIztvGUIzyQmI
- Xloader family
- Xloader payload
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: c17103ae9072a06da581dec998343fc1
SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
SSDEEP: 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score: 3/10

Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: acc2b699edfea5bf5aae45aba3a41e96
SHA1: d2accf4d494e43ceb2cff69abe4dd17147d29cc2
SHA256: 168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
SHA512: e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
SSDEEP: 96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score: 3/10

Target: $_2_/pinguino-uninstall.exe
Size: 33KB
MD5: 2c1e33a40e471bc65c770106213e194a
SHA1: b74f3a5a485c3bc289e9301f9da8a798c2ea096c
SHA256: 6c5934471282e97be87ef28c948ba2481e015a0df5194315d83c2bfc8035760c
SHA512: 4cf1cb9ab0bb9a81464de91f9d3e379d3550b47baad791ceb9c52a877a5d4ec8c8e4e430a44da5f9a4f119d02904f99ada8914ba06356cb73b1f7ce185423a4b
SSDEEP: 768:AV1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJqJRn+xo:gQpQ5EP0ijnRTXJ/xo
Score: 7/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL