Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cce33f881b...c8.exe

windows7-x64

10

cce33f881b...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cce33f881b5d4fc308e2cfdaf6e196c8

  • Size

    320KB

  • Sample

    231222-r7sxbsfhg8

  • MD5

    cce33f881b5d4fc308e2cfdaf6e196c8

  • SHA1

    409e145727c4b08e285a5f56c1ea4d787e0b86f1

  • SHA256

    e9eaecb452ac6a633d38f5d5e1872df95e53d3273d72e63425d9a40408c47fff

  • SHA512

    b3b68b1b5222e9aed2b7f1d3781074397f8bf97b5f2eb2d32ddc10047715e18da3fb8b82d57116f459fe9171943c8b444351257792e46af57705defb15fa32b8

  • SSDEEP

    3072:QRpbB19av4ITa1YncX6JIeZc2tQAp3dC2Zj/AZXk4jX4tFLk86gP9pWe0:Q7IMydrZc2yA7ZjwX8tW

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      cce33f881b5d4fc308e2cfdaf6e196c8

    • Size

      320KB

    • MD5

      cce33f881b5d4fc308e2cfdaf6e196c8

    • SHA1

      409e145727c4b08e285a5f56c1ea4d787e0b86f1

    • SHA256

      e9eaecb452ac6a633d38f5d5e1872df95e53d3273d72e63425d9a40408c47fff

    • SHA512

      b3b68b1b5222e9aed2b7f1d3781074397f8bf97b5f2eb2d32ddc10047715e18da3fb8b82d57116f459fe9171943c8b444351257792e46af57705defb15fa32b8

    • SSDEEP

      3072:QRpbB19av4ITa1YncX6JIeZc2tQAp3dC2Zj/AZXk4jX4tFLk86gP9pWe0:Q7IMydrZc2yA7ZjwX8tW

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks