314414050eb799fc18f7ee3b8846245f12e991944ef28460de7d76146fbd73fe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

NobleLoader.bat

windows7-x64

7

NobleLoader.bat

windows10-2004-x64

Sharing

General

Target

NobleLoader.bat
Size

14.7MB
Sample

231013-b1ne9sbc48
MD5

41171b66cefb46e58ba0df569a29588b
SHA1

ef11eca23d8b41ca19fc88029ebb4ff672de2f9f
SHA256

314414050eb799fc18f7ee3b8846245f12e991944ef28460de7d76146fbd73fe
SHA512

04dfa344fc41fbded8b90b72291fa97916a6b569503cf6e366e88b00c3d1ecedbe51bcc6b5aecd0ba995a3a0a8af568cb0921d0c1e9e5693051ff2caa6c0ce35
SSDEEP

49152:htLRC7rgOCeCecxKk5As27eSlwlLe/KY/yhRsfP6NcgDn8etxb6Qg8H3VkgLh+tE:J

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

NobleLoader.bat

Resource

win7-20230831-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

NobleLoader.bat

Resource

win10v2004-20230915-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  NobleLoader.bat
- Size
  
  14.7MB
- MD5
  
  41171b66cefb46e58ba0df569a29588b
- SHA1
  
  ef11eca23d8b41ca19fc88029ebb4ff672de2f9f
- SHA256
  
  314414050eb799fc18f7ee3b8846245f12e991944ef28460de7d76146fbd73fe
- SHA512
  
  04dfa344fc41fbded8b90b72291fa97916a6b569503cf6e366e88b00c3d1ecedbe51bcc6b5aecd0ba995a3a0a8af568cb0921d0c1e9e5693051ff2caa6c0ce35
- SSDEEP
  
  49152:htLRC7rgOCeCecxKk5As27eSlwlLe/KY/yhRsfP6NcgDn8etxb6Qg8H3VkgLh+tE:J
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy