General
-
Target
008100179377_INV_AWB_20230329.exe
-
Size
339KB
-
Sample
230403-gmfq6ada79
-
MD5
8ee10213a8319fdec8c2229e264a01d4
-
SHA1
c4e084201355eb124444d2ef58e049386fd0fb39
-
SHA256
4506e6e700c4e9b899f09c826a0d34a4a601654ce891dec0fe5a62dbb89f82e7
-
SHA512
5f1ff49411157502a73b89e481f69d35c710e9d4b9340beadd5b92ac59ecc3ff7347597ac42c65393bc9b32821b8f4b86bf5135f28450fb55812a4f0dd1c4298
-
SSDEEP
6144:yPXlu0E/c84v3K/qVkEizYgANMNMK9QlOMMWVJvVyn2hsXWyVjrKr:5/GvK/qDiLBKfIWVJvV6C/ypa
Static task
static1
Behavioral task
behavioral1
Sample
008100179377_INV_AWB_20230329.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
008100179377_INV_AWB_20230329.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
Target
008100179377_INV_AWB_20230329.exe
-
Score
10/10
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-