General
Target: 0f630e483e9761ca666822688dc27620440238874a1311281a6a0b69e1c2b05c
Size: 367KB
Sample: 230104-s28k9sca21
MD5: c1e4a1c0fc7a3a8067aea03428fb410d
SHA1: 33052d4c606a7c2a1da7a1b0dee00dc84501ccc0
SHA256: 0f630e483e9761ca666822688dc27620440238874a1311281a6a0b69e1c2b05c
SHA512: f50a228b711716a3c1ba459a487bf5986831edf2c91539b794dbdf0c3479fcb4615510fd01a411b32ccf41c7fab5990f1f2ee1a363166a4ff6876b4c6086d9d1
SSDEEP: 3072:PFhXncvdLriKZzcy5uLs9ypva0nAOjR3PJ6y3p0Gtzo8jdA4upFldiLLkVuYjTiL:TmLrhzQwUy0AOF0GtzooxupmLgxjT
Static task: static1
Behavioral task: behavioral1
Sample: 0f630e483e9761ca666822688dc27620440238874a1311281a6a0b69e1c2b05c.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 0f630e483e9761ca666822688dc27620440238874a1311281a6a0b69e1c2b05c
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext