General

  • Target

    Survivalcraft_Multiplayer_x23.06.02b3_2.3_VD.zip

  • Size

    19.4MB

  • Sample

    250106-pfn3ysylcn

  • MD5

    b560f7ee9caf53a04d656fbc38c6daaa

  • SHA1

    5b759b54a0833b544bfaed4af9203ba48ede2d5a

  • SHA256

    74d605f499761efb73eb2e3b38b54383bf3c80511984a9908ff8eee23dc66f78

  • SHA512

    6cf06b40332051f8b54c9888dff5d62ae74aab897d5caf607f6f7293c6641fdebdaf7a2df865b5b2d53860912d8049f8d9265a0a314a7ed0cdeb7007f985b35c

  • SSDEEP

    393216:JTkoono2UadEifu1fyaw77EqIel7Pab0OuqzQ/LfmmXbdua1YoDR6:Ono2pffmfg7n7xaluqzSLfmqs+zDw

Malware Config

Extracted

Family

warmcookie

Targets

    • Target

      Assets/Audio/Creatures/Moose/Moose2.wav

    • Size

      21KB

    • MD5

      103390a32f727ba50eb75248803a1b14

    • SHA1

      666247d525deeb6edf12388703a2413a38a04d79

    • SHA256

      faaf70fef31d8d18c913cba8bbf0f60930231537544c6189f07c00d5350f3e82

    • SHA512

      9cec79833d9193c2960c13915f208b08446073cba5cbd6fece37ba19221c0462f33357833cdfc171343e07bd5f35d4b5a0e003868e2550dd67c8af83cc5a2d66

    • SSDEEP

      384:tg0YDTuph4qV6ShFyFBizLSUTu5qYqjO3tfKiCySWvQch5l6j2nlQi4jR8NhmmdC:S7HghVRhFCBizLSUTu5/VJKiCvW4cRmF

    Score
    6/10
    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Target

      Engine.dll

    • Size

      550KB

    • MD5

      a70c15cc5defae4ebee43c41506fe3f2

    • SHA1

      9d924869707030048d5138531afdbe97f218bcaf

    • SHA256

      d4f5a3d84cd3b1dd0ae0fd85b35c15053a02ad67c29a9d80b01e3f777beaf16a

    • SHA512

      df7cd12b360f92fa4b481d973e6180910c020d7bb0a307bf2c5f32630d7bb1d2b3c50df2c2f14ecfa1bf17ad469db67e28445bd95e0078f0fa48d4c5f0196a92

    • SSDEEP

      12288:435tO6q2nswLXOa91L/AEro0C4uL2ZlH:m5g2nsPa91bAErzCb2ZlH

    Score
    1/10
    • Target

      EntitySystem.dll

    • Size

      59KB

    • MD5

      e6f72a78e21ef390cb09fef4b747e74e

    • SHA1

      cdd3325e64ce2eff6c7db7e640753dcec447e672

    • SHA256

      eb21f12f780cacc6f5e333100ddaccd270ee22c48b43a2e9d15607d8d4f83a0b

    • SHA512

      543641234ea49b15e92db1b11bdb14f976b549ff165639671a215fe93090b416d6e45e67a05f1647b974c219cd3e46c7600fbf59fc96486b3e34d8e67d8b1f9a

    • SSDEEP

      1536:k8FmxLbYuFmGETQognNPRdCG5ivobE4T6T:jmxLVo9LgndPivL46

    Score
    1/10
    • Target

      LiteNetLib.dll

    • Size

      96KB

    • MD5

      cf1d20f1d611346b25ad584e11659068

    • SHA1

      f2c0b3ed1067c49ba365b32a6c4bd43cfac50cda

    • SHA256

      7abb957e7aed65f90ae695b0b25c1666d348c347c4352b2e0c19504dead1f32f

    • SHA512

      a1bcc82de5389c2c17e9cc996f5aa4d00abf690373d84e699f468675b93485139e50f2183eefe9aaec5ae491cc91f6d2811c8ee0905519fb4bdeaa2196431b80

    • SSDEEP

      1536:GJDK8lNBdVHz5vaQ43HriUGHDrQWoitEqsO/46MJmOrrW:8WONRz5vG3LWwqs5PJmOG

    Score
    1/10
    • Target

      MessagePack.Annotations.dll

    • Size

      9KB

    • MD5

      d1959220be974f263f6471d636fe222c

    • SHA1

      1e854ca2712537c29461654bd9b0f34536747dea

    • SHA256

      e375a9a83206c08b9f0d4a6cc5cc5df480368a545f5cce7bc5bca0b004b58d5a

    • SHA512

      9bc06317267ef82ea29fb7c9586f8f6645c467bdaac3ae4a782aad4cced86ca3f070e26bad4e4e0d6a292adb4af30211799229b0e15504d523e9fdcb15152f59

    • SSDEEP

      192:U7myDQK85v++Aov0JUafy0/k9IHM6nCcKcpW:2c31++rv0J1y089/c7pW

    Score
    1/10
    • Target

      MessagePack.dll

    • Size

      304KB

    • MD5

      d75cff48417029da9dd6c139efb9db4a

    • SHA1

      ab9890f66216d0e587e11e7e735b88a2f727c324

    • SHA256

      db944b093698eb445c8d2f343a4a422272354d1091b0114aec8665d0f6eb0578

    • SHA512

      4791bf3fe0d68cf4c53af319b6a4e47beaaba090af388c9b4146f990eb793c5bbcc2894c824d35a7c78e940fde599638d518a4c88c3ab0bdca32f52f03d83006

    • SSDEEP

      6144:UT/EMExa2EZF1SlFOK0aDeqBoFTKfTwoTo:U4X0Pv1iR0aDFo9yhM

    Score
    1/10
    • Target

      Microsoft.Bcl.AsyncInterfaces.dll

    • Size

      21KB

    • MD5

      48efe61d6ca3054309907b532d576d2a

    • SHA1

      f36403aabb16540c93fb35245ec0b4e435628aae

    • SHA256

      295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78

    • SHA512

      778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3

    • SSDEEP

      384:O/9b512C4dABe070VJI0Ftdalemxxf34wqsWeb/WjR/uPHRN7Y5slu6o:O/f1IDjV9UPPpWRMkT

    Score
    1/10
    • Target

      Microsoft.NET.StringTools.dll

    • Size

      29KB

    • MD5

      b65c93a5efb116d5563d7bf546cac04c

    • SHA1

      72a696a454a480581af781cb441404d4bf739b10

    • SHA256

      0598538758046ded29e8ad24cfc8980b129c7db9c608b26e9936aa79750c3d94

    • SHA512

      241c0e96ab7d6db2841db703139d5d370371dff57c2ab5da7df586766e703117844a2a823edb2e35ef13d13051281d7456dab01c9a968b1c70a0ee4693fee6a3

    • SSDEEP

      384:2mY7K6qmI2lP8mp7l+DuQ9SEp/oK2OaYFVZY/tVm+SAJS4IWeCzWZiXvHRN7Ea2Q:dd6q2l0URAqK2ODCtrSqbqof43l9zk

    Score
    1/10
    • Target

      Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    Score
    1/10
    • Target

      OpenAL/x64/openal32.dll

    • Size

      407KB

    • MD5

      2b5a427b85eea53675484405af5010e0

    • SHA1

      19201c0fb48ed20effd74de7989c2fa45326e35e

    • SHA256

      f42706c862bc3d66550eb0a929bd5cb195c7a1f6a181cc854d59fc124d771023

    • SHA512

      f1793a8d9402da2d23e14046ca2618bdb5fc0dd8986880f07d54df8fd3b23359de9d9b515f53b072a1d843b492d000ac5f2716ceb01f3f9d694e1aa8c4cf10d3

    • SSDEEP

      6144:ipdaQesGCdaTNOznuivPI6YXaZGQTH0PBXWSD1y/X4uI+D:wTesGgaTNO6ivPjKaZG4X4uI+D

    Score
    1/10
    • Target

      OpenAL/x86/openal32.dll

    • Size

      688KB

    • MD5

      eb6d3a54c9d8ad689311f58a28582bf0

    • SHA1

      ebbba61fd88c2e61a2e9d02a05532dc3b359dd44

    • SHA256

      a22b03451246bdbb4a136b838f7a301651999dd0e1f979c09c27017337b64b60

    • SHA512

      fdee08beaa86bce313d9747db6796e24cbd878ad9dee04b277a4c6a4d88e50799e6c4f2c93ceaa0b8270ff632f74f2ec783de35cb43889c55278df85ecce3515

    • SSDEEP

      12288:R+zcxi8mKyKs2WfN9gWzzkZz5fQoDtL+qyy8FOsY:R+uiYO2sNCWzzkZz5XPCOp

    Score
    3/10
    • Target

      OpenTK.dll

    • Size

      3.8MB

    • MD5

      f53fc357a78ebb49d68d11ab84ac207b

    • SHA1

      7aa877ccaffd3017bea679904b2bbf6101692a60

    • SHA256

      fd7cb5fc016a15c619afe5d111b7d3b243aba210c32be279e80b72aa3290a8aa

    • SHA512

      c66a3143eaaa2d0202acc8b56516008ad534626126f2bf49ce8c4622cb384f04a7be8681d3774cf1eacd78edb633b7ee9c0542ac699cf4141fdc9f6a3f8cc367

    • SSDEEP

      24576:TKo+np+n3CGBO9XNTdlCOR46nKOwJWfbLXVFyeGRjFw/thyMa3xB:/CGBO9XNTXKpgTzSjWJa3

    Score
    1/10
    • Target

      Survivalcraft.exe

    • Size

      2.1MB

    • MD5

      6d08234db22fc3c62b23e08f28a71ffd

    • SHA1

      d2eb49802a4247739763e106413e06b3e8c8a43e

    • SHA256

      857a6fc48daa936120537557458f6417b433dd18f11d4e749943c45732b86cbc

    • SHA512

      9ce6cb8145191000797b2894ab1f1a7a1a595e45c32dbfc0e5e1a803cfb194aadf661cc9b5dd116f47f82a8d18d20a6be8764e9c2a275b4b4290d8446bd13ff3

    • SSDEEP

      24576:23PoTvLEjxMdgsiH79MgGPPc464eXD2AUyQW1qrucuMwuNnoqdOqjfRv01sHQb2V:i6v3Jc2J9HK68kdlT

    Score
    1/10
    • Target

      System.Buffers.dll

    • Size

      20KB

    • MD5

      ecdfe8ede869d2ccc6bf99981ea96400

    • SHA1

      2f410a0396bc148ed533ad49b6415fb58dd4d641

    • SHA256

      accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

    • SHA512

      5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

    • SSDEEP

      384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e

    Score
    1/10
    • Target

      System.Collections.Immutable.dll

    • Size

      175KB

    • MD5

      8f55c22412f7d448d6e7b83102665368

    • SHA1

      88df86ee0b137992af15a35825804274fa252e30

    • SHA256

      67730917b4e856e37a9d78245527584087fac6b20a7377677b2f444cd15db918

    • SHA512

      058431aa2280511b00a72ea55ded9bdaef55420f5bce10c9352d4f92736a11884d1e70706016b988cca560358b3b43ce1bad5c9bd726f11d8ad66e3c91f98ccb

    • SSDEEP

      3072:gUbJLl+WMe7FJ02NPhVN0T2rcoNXvUJ4C0jucx2ejoVjM4xT56pL:gUVMWNvrxUJ4CDcY5G

    Score
    1/10
    • Target

      System.Memory.dll

    • Size

      138KB

    • MD5

      f09441a1ee47fb3e6571a3a448e05baf

    • SHA1

      3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

    • SHA256

      bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

    • SHA512

      0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

    • SSDEEP

      3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

backdoor, warmcookie
Score
10/10

behavioral1

execution
Score
6/10

behavioral2

execution
Score
6/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10