General

  • Target

    8d579af72e40ac93ab1049001d1a2263a55fe03b03184947d07e878683f96a04

  • Size

    319KB

  • Sample

    221101-ncwsysbce4

  • MD5

    e9421c419d7d6863c3e68c9781c00f84

  • SHA1

    b2a56e00e0c12ac4b9faf8d3dd4b389c46346c26

  • SHA256

    8d579af72e40ac93ab1049001d1a2263a55fe03b03184947d07e878683f96a04

  • SHA512

    098c3ab7d0ed6303c44f2f7f23f228ef815c0c390af98348446bd1fa3877d334e32ca13be6de473b95fda1dffabfd866c1c40edecb3a3154174db89a7fac585c

  • SSDEEP

    3072:jtLwUSPN25GxCgOi8oLFgYKhWNejXRem2OWIyRkZ5vi4VggjcGkNIVqIs7:pwUSPDxzOi8oBgF8NejheJ1wJR7ITsq

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks