General

  • Target

    9943588E9B315BD14F071F0DBAFE5EE9AE0124C5ED10AD53B2C6A463B3920D32

  • Size

    1.2MB

  • Sample

    230518-cdltlahb24

  • MD5

    373d1028ec4c73bfcc98bc67be2ba8f6

  • SHA1

    5a4d0d82b5b3b1d9a648c11acf21b3d877983a77

  • SHA256

    9943588e9b315bd14f071f0dbafe5ee9ae0124c5ed10ad53b2c6a463b3920d32

  • SHA512

    d962cf760e10e6575a49df38ee3c53afd08b9e2501ac0d14ce3804e67608ffc522d992965c5d6aa33178b560cc074d6816e20fc6ca958d1af29ff03b8a92fe04

  • SSDEEP

    6144:Wj20IjUUXgrZc0YuiNNKrDtzo99bYRNMZo6Ku2qP9szt76JyOk:9NzgZ3YTTgJovbqNMHK32hJyOk

Malware Config

Targets

    • Target

      DOCUMENT.EXE

    • Size

      306KB

    • MD5

      a814dc37ac7cc706c662194585e4d2a9

    • SHA1

      912c6a6741476eea9621e4c71d3d7ab26ba54e5f

    • SHA256

      49479374e667e0897b7f9a742aea8a795dce57bd2cbb0ad5e601b8b28522f0f0

    • SHA512

      45cc9ea588eb30bd517d60dc749c15d5e4f12d66ca822eac8784e876209125570d61621880ac0206b3c852cf94a881a1c32d0613f315070ffc6f8acfc563ab2c

    • SSDEEP

      6144:Cj20IjUUXgrZc0YuiNNKrDtzo99bYRNMZo6Ku2qP9szt76JyOk4:BNzgZ3YTTgJovbqNMHK32hJyOk4

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks