General
-
Target
NobleLoader.bat
-
Size
14.7MB
-
Sample
231013-b1ne9sbc48
-
MD5
41171b66cefb46e58ba0df569a29588b
-
SHA1
ef11eca23d8b41ca19fc88029ebb4ff672de2f9f
-
SHA256
314414050eb799fc18f7ee3b8846245f12e991944ef28460de7d76146fbd73fe
-
SHA512
04dfa344fc41fbded8b90b72291fa97916a6b569503cf6e366e88b00c3d1ecedbe51bcc6b5aecd0ba995a3a0a8af568cb0921d0c1e9e5693051ff2caa6c0ce35
-
SSDEEP
49152:htLRC7rgOCeCecxKk5As27eSlwlLe/KY/yhRsfP6NcgDn8etxb6Qg8H3VkgLh+tE:J
Static task
static1
Behavioral task
behavioral1
Sample
NobleLoader.bat
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NobleLoader.bat
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
NobleLoader.bat
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-