Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1.msi
-
Size
680KB
-
Sample
230806-19mb1adg5x
-
MD5
3035101d044a4425dbd5a523ace428c3
-
SHA1
f08ecf54bb93077fc32cef5f6915ce569e38bed1
-
SHA256
f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84
-
SHA512
d60db29c92f219c9f69debc1ad1c50cf74b858c2e9e2bd4ed00f2bb6e1e9c8bbf7e9240ec11cc7e46cafc2a0651a462f2c6c1c42824b913bedf747a1b1dae9d0
-
SSDEEP
12288:z6hgTBOyy3AhX+JP4OduQDNZ4hxUxBjcyHnUaK6BpefgRY1bHzv7F/EfO:W+dIu+zduQDD4hxUYy0Z6B4flbHLtEW
Static task
static1
Behavioral task
behavioral1
Sample
1.msi
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1.msi
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
1.msi
-
Size
680KB
-
MD5
3035101d044a4425dbd5a523ace428c3
-
SHA1
f08ecf54bb93077fc32cef5f6915ce569e38bed1
-
SHA256
f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84
-
SHA512
d60db29c92f219c9f69debc1ad1c50cf74b858c2e9e2bd4ed00f2bb6e1e9c8bbf7e9240ec11cc7e46cafc2a0651a462f2c6c1c42824b913bedf747a1b1dae9d0
-
SSDEEP
12288:z6hgTBOyy3AhX+JP4OduQDNZ4hxUxBjcyHnUaK6BpefgRY1bHzv7F/EfO:W+dIu+zduQDD4hxUYy0Z6B4flbHLtEW
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-