Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
-
Size
227KB
-
Sample
221221-pnh7nscc46
-
MD5
a9f127a12daffee261db244461d88d4d
-
SHA1
87c3daaeb52d3752cfe2490f2bd50fa4aa662c18
-
SHA256
71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
-
SHA512
d841a8164fed58f455ee035ff88bd42414af7ca1865b9e72ab79601b91d9f9752786020eeaea543dce9048431dd0270dc6ec146121a28f66f163a08b5e7ee522
-
SSDEEP
6144:5GtLRU8PORjhRzo53oTqW85sbqkfeRu4:ItKKgjno53cb68
Static task
static1
Behavioral task
behavioral1
Sample
71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
-
Size
227KB
-
MD5
a9f127a12daffee261db244461d88d4d
-
SHA1
87c3daaeb52d3752cfe2490f2bd50fa4aa662c18
-
SHA256
71fa869efa924ab2112f97f4eeaee7062bddd34811ea29a8bb406047f08f9fc0
-
SHA512
d841a8164fed58f455ee035ff88bd42414af7ca1865b9e72ab79601b91d9f9752786020eeaea543dce9048431dd0270dc6ec146121a28f66f163a08b5e7ee522
-
SSDEEP
6144:5GtLRU8PORjhRzo53oTqW85sbqkfeRu4:ItKKgjno53cb68
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-