Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
-
Size
194KB
-
Sample
221107-fppamscban
-
MD5
1f7c02bd3eb53ee754b0c67c74cceec0
-
SHA1
18e72b462474521a212c0b0ece294d89cfc9b3d7
-
SHA256
fb4ff0ea4e2d42506aab15195e00b83441f97ee6c7d254d6b8e142b19697cbd1
-
SHA512
4e81983e8058ccf3e966bb664c33a8f5910e34800a10105fb46448b3172c83c6af9aa55cf1ccd8458ca1ddf24717eb83c439f22f1ddc12dfd9265cc21dfdcacf
-
SSDEEP
6144:0Uj/wkaLFBG5XddZTnzFFoXEPkua5AxQbI:0qNm2BnzFbkuaB8
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.W32.Trojan.UDXH-7640.14250.32506.exe
-
Size
194KB
-
MD5
1f7c02bd3eb53ee754b0c67c74cceec0
-
SHA1
18e72b462474521a212c0b0ece294d89cfc9b3d7
-
SHA256
fb4ff0ea4e2d42506aab15195e00b83441f97ee6c7d254d6b8e142b19697cbd1
-
SHA512
4e81983e8058ccf3e966bb664c33a8f5910e34800a10105fb46448b3172c83c6af9aa55cf1ccd8458ca1ddf24717eb83c439f22f1ddc12dfd9265cc21dfdcacf
-
SSDEEP
6144:0Uj/wkaLFBG5XddZTnzFFoXEPkua5AxQbI:0qNm2BnzFbkuaB8
Score10/10-
Detects Smokeloader packer
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-