Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

b8293e812e...0a.exe

windows7-x64

10

b8293e812e...0a.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8293e812ef4f33501232643e77347433b7be4ff0e29a2ec347c65d144ba760a

  • Size

    1.2MB

  • Sample

    231212-rwd9sseebk

  • MD5

    641cc6e34187e4e2632667ae4adaaa2d

  • SHA1

    6681091e18fcda8d91ba728ef1bf1f6e2279c086

  • SHA256

    b8293e812ef4f33501232643e77347433b7be4ff0e29a2ec347c65d144ba760a

  • SHA512

    e57320121f193af1b0a05d0b337dc0d9733c1452938191f97a0ab5b22c26e706387ba6f692f3b6d1dcda10b8ddb20e05acf99f187d9407dbc956e0b8ba930e19

  • SSDEEP

    24576:vgyWzWPs5jvw7u3/JakG9ETk7u43CNpdIpFs7Y4h+XjWTtjcPTg:vgy2WPgvuuvYdskC4S9eqL+aJkTg

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      b8293e812ef4f33501232643e77347433b7be4ff0e29a2ec347c65d144ba760a

    • Size

      1.2MB

    • MD5

      641cc6e34187e4e2632667ae4adaaa2d

    • SHA1

      6681091e18fcda8d91ba728ef1bf1f6e2279c086

    • SHA256

      b8293e812ef4f33501232643e77347433b7be4ff0e29a2ec347c65d144ba760a

    • SHA512

      e57320121f193af1b0a05d0b337dc0d9733c1452938191f97a0ab5b22c26e706387ba6f692f3b6d1dcda10b8ddb20e05acf99f187d9407dbc956e0b8ba930e19

    • SSDEEP

      24576:vgyWzWPs5jvw7u3/JakG9ETk7u43CNpdIpFs7Y4h+XjWTtjcPTg:vgy2WPgvuuvYdskC4S9eqL+aJkTg

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks