General

  • Target

    179F2DE48F9A4CEF0920D83F71252904.exe

  • Size

    301KB

  • Sample

    230502-ym477aeb31

  • MD5

    179f2de48f9a4cef0920d83f71252904

  • SHA1

    6216ec923c4b84c7af588ca5c9f9c51e054450e6

  • SHA256

    a9ffa30dd57e499a1ae2491d5955161888fb8b19f282bb2f67ce8becce71870d

  • SHA512

    46786dfb79c4f71089425b07c033e4a254e2f07c2889ec5fa2d00533362d92f094e74ec71a3487d3b0677720307cd135d62e369d1b1c72cf3a977418b7e7abc2

  • SSDEEP

    6144:V7ewkyOodZQFgyadTqtsIZHhqOE+56+U9xh46E:5Vkyzdu4y7Zt6+0xmB

Score
10/10

Malware Config

Targets

    • Target

      179F2DE48F9A4CEF0920D83F71252904.exe

    • Size

      301KB

    • MD5

      179f2de48f9a4cef0920d83f71252904

    • SHA1

      6216ec923c4b84c7af588ca5c9f9c51e054450e6

    • SHA256

      a9ffa30dd57e499a1ae2491d5955161888fb8b19f282bb2f67ce8becce71870d

    • SHA512

      46786dfb79c4f71089425b07c033e4a254e2f07c2889ec5fa2d00533362d92f094e74ec71a3487d3b0677720307cd135d62e369d1b1c72cf3a977418b7e7abc2

    • SSDEEP

      6144:V7ewkyOodZQFgyadTqtsIZHhqOE+56+U9xh46E:5Vkyzdu4y7Zt6+0xmB

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks