Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

lossless scaling.zip

windows7-x64

10

lossless scaling.zip

windows10-2004-x64

1

lossless s...ng.exe

windows7-x64

10

lossless s...ng.exe

windows10-2004-x64

10

lossless s...ne.reg

windows7-x64

1

lossless s...ne.reg

windows10-2004-x64

1

lossless s...CK.txt

windows7-x64

1

lossless s...CK.txt

windows10-2004-x64

1

lossless s...rr.xml

windows7-x64

3

lossless s...rr.xml

windows10-2004-x64

1

lossless s...il.sys

windows7-x64

3

lossless s...il.sys

windows10-2004-x64

3

lossless s...le.dll

windows7-x64

1

lossless s...le.dll

windows10-2004-x64

1

lossless s...ss.dll

windows7-x64

1

lossless s...ss.dll

windows10-2004-x64

1

lossless s...ng.exe

windows7-x64

3

lossless s...ng.exe

windows10-2004-x64

1

lossless s...xe.xml

windows7-x64

3

lossless s...xe.xml

windows10-2004-x64

1

lossless s...es.dll

windows7-x64

1

lossless s...es.dll

windows10-2004-x64

1

lossless s...es.dll

windows7-x64

1

lossless s...es.dll

windows10-2004-x64

1

lossless s...ig.ini

windows7-x64

1

lossless s...ig.ini

windows10-2004-x64

1

lossless s...es.dll

windows7-x64

1

lossless s...es.dll

windows10-2004-x64

1

lossless s...es.dll

windows7-x64

1

lossless s...es.dll

windows10-2004-x64

1

lossless s...es.dll

windows7-x64

1

lossless s...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/01/2025, 10:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lossless scaling/language/uk-UA/LosslessScaling.exe

  • Size

    953KB

  • MD5

    2c98d33096e97094cbbbd19f27f40883

  • SHA1

    7e28af9d119d2658f962e3b28140c6081be1612b

  • SHA256

    010ac1120a88a772e87d9e9018aa5db034a9bac9399803d4a7c4db3c47a71df6

  • SHA512

    f9070ad6b2e3295fdde13aa8d7486147a7f9a675a924ad3bf117479baf5b573cf92650199e58378dd8345a28ab890bbd5021d374030c24836bfa65bb037dddc7

  • SSDEEP

    12288:ApDJEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhawnzE4ZbuRCwmhI2J+0sDgwl1:btMCLPf1Oi32OvzGo4ZiRlT/sN0

Score
1/10

Malware Config

Signatures

  • Modifies Control Panel 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe
    "C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"
    1⤵
    • Modifies Control Panel
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1264

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.42.69.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.42.69.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    182.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    241.42.69.40.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    241.42.69.40.in-addr.arpa

  • 8.8.8.8:53
    182.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    182.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml
    Filesize

    2KB

    MD5

    45fed0a3bcbc889ca99d0c5943210e7e

    SHA1

    602584366a413cb9ae459b6c3231190cd787241e

    SHA256

    9812fe8104a86e693d6baa02a4cdb56ea9a4aedb500b050346eb5ec6bda8dd09

    SHA512

    d0728fcce9484daedb2c9552ee2a818f7cccbeb1e9bca24a1c4fc1ca6e8c181c46cdc89670bfee3d6ad219ea6f69750bd03f776af4f9e4667872c66c11dbd255

    Download Submit

  • memory/1264-9-0x000002394BEB0000-0x000002394BF62000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1264-11-0x000002394BFA0000-0x000002394BFD8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1264-3-0x00000239498B0000-0x00000239498D6000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1264-4-0x000002392F8B0000-0x000002392F8B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1264-5-0x000002392F8C0000-0x000002392F8CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1264-6-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1264-7-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1264-0-0x00007FF9430B3000-0x00007FF9430B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1264-2-0x0000023948050000-0x0000023948136000-memory.dmp

    Filesize

    920KB

    Download

  • memory/1264-12-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1264-10-0x000002394C020000-0x000002394C0DA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/1264-13-0x000002394C7D0000-0x000002394C7D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1264-14-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1264-16-0x000002394C6F0000-0x000002394C6FE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1264-1-0x000002392D9E0000-0x000002392DAD4000-memory.dmp

    Filesize

    976KB

    Download

  • memory/1264-32-0x00007FF9430B3000-0x00007FF9430B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1264-33-0x00007FF9430B0000-0x00007FF943B71000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.