General

  • Target

    KONTRAKT-pdf.exe

  • Size

    443KB

  • Sample

    230816-l9lcdaab43

  • MD5

    b41dd3bd3df55870e2f940fe81373df2

  • SHA1

    269f30b33075c280a050d5315d9ddaa7953b7a2f

  • SHA256

    f3aa1512832e308956898dc2985062be4e57602ae28619b9760a289139943e45

  • SHA512

    0a9d976f0a2482ee373ec4e3e332c7e9f8875acbb20b209136b6d4d94ea83f32b92830821cc58b2f6cc89b05f748470638420133d7304a9b2bb706f3efa8ba4e

  • SSDEEP

    6144:FmGIhJFHs4wfO1AJcmmCAmP+vYjL27rbc4Zk/4Rd5Dj0IDY:QvSJPmUPoYjLerg4egRdt0I0

Score
7/10

Malware Config

Targets

    Score
    7/10
    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks