Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

def91d01e6...22.exe

windows7-x64

10

def91d01e6...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    def91d01e64892f2b720ceec7b0e5774b7ee0a14e709d3477761a1d372d8a622

  • Size

    176KB

  • Sample

    221206-cp6m5sbe7x

  • MD5

    4c2b891ecb8d0e7b7b422c5608c0d2a2

  • SHA1

    487ddfc428f8c10b9129007d8dd2877fbd15ddee

  • SHA256

    6c894d47a0f8c38a33c40f89c91626ae76dad1ced9e375c5b62fa4606230a1be

  • SHA512

    bb66e753244b565a6316aa1b44832ce57f198942c09315782815e4927469c986d46e4a7032cd7dc71fcb14744b275515d37c0fb9df023795b1ea7c3cbc3760d6

  • SSDEEP

    3072:aDNODspM2IjYcHn7i1N33iTybc71E1Bt2izUsggk2mOZWnWmaRZaC187dg2GmP:5flV7AnMyA721mIU9gk2cARZaTgGP

Score
10/10
smokeloaderbackdoordiscoverytrojan

Malware Config

Targets

    • Target

      def91d01e64892f2b720ceec7b0e5774b7ee0a14e709d3477761a1d372d8a622

    • Size

      274KB

    • MD5

      f20d7caaa09e7b79277ce088ceb61888

    • SHA1

      2789b4652a4ec700927c4a6ee28ac3ac802afdde

    • SHA256

      def91d01e64892f2b720ceec7b0e5774b7ee0a14e709d3477761a1d372d8a622

    • SHA512

      211af48dc436b93ea68bc667236cb1588a37ba10128757adddb3f582393faae2acc31351773c0e59738fe1f2bf660c7676122370ecca789e606359b95f04d32f

    • SSDEEP

      6144:NOHyMsBtyXs721mIU9gzgkoIDc57brVS:NOHyjt361OIgKDc57nVS

    Score
    10/10
    smokeloaderbackdoortrojandiscovery

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks