General

  • Target

    NobleLoader.bat

  • Size

    14.7MB

  • Sample

    231013-b1ne9sbc48

  • MD5

    41171b66cefb46e58ba0df569a29588b

  • SHA1

    ef11eca23d8b41ca19fc88029ebb4ff672de2f9f

  • SHA256

    314414050eb799fc18f7ee3b8846245f12e991944ef28460de7d76146fbd73fe

  • SHA512

    04dfa344fc41fbded8b90b72291fa97916a6b569503cf6e366e88b00c3d1ecedbe51bcc6b5aecd0ba995a3a0a8af568cb0921d0c1e9e5693051ff2caa6c0ce35

  • SSDEEP

    49152:htLRC7rgOCeCecxKk5As27eSlwlLe/KY/yhRsfP6NcgDn8etxb6Qg8H3VkgLh+tE:J

Score
10/10

Targets

    • Target

      NobleLoader.bat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
