General

  • Target

    7d06e1398824ce24db20af1e5de6eae8.exe

  • Size

    301KB

  • Sample

    221229-pjxjhada47

  • MD5

    7d06e1398824ce24db20af1e5de6eae8

  • SHA1

    fb01ccd6b557431d46278ea95ff13c3ec58ae6c5

  • SHA256

    fbbeaa1e952007ae67e981d3ba3b282e260dba293a2250a7756c2ba4f27ba3aa

  • SHA512

    d03bd3c16dc992a252e367b76c7b9e963ab11c13b90bf4adb457f4195fb23511b9fbb5c11612bd08a536aba20ad5bee65d526bde62d5a62bc28095ea07d4eeee

  • SSDEEP

    6144:5+U5mLNpGWZedB+Aqxro2yiw7n1HbwZoV9J:rwB4WYcAsZw7

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks