Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

3cdd56ad47...15.exe

windows7-x64

8

3cdd56ad47...15.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3cdd56ad474ebef40f70b209d6bb5415

  • Size

    300KB

  • Sample

    240101-pp3mpsddg8

  • MD5

    3cdd56ad474ebef40f70b209d6bb5415

  • SHA1

    7f03cfa41b6abe440738a2c824b67b1ec16c7205

  • SHA256

    8dc8690323b9905db8c8b68d47287ca9aa6c1c3793afd882e085da5020d9b7c2

  • SHA512

    b925fe7e3bacac9042636fd6fb5bf57d90aa17847d88caf6a7edc411f759178d225c8d0da0c13a380892cc888ebe46608a4eb21c3925746905c1df4fa466bb2a

  • SSDEEP

    6144:lxcGs0RLkFpzB/Zz92IzuSqVkATxeBVmLotzbE3r9yDQvM:BRLkfzBRR2+akFvmLot/E3g80

Score
8/10
persistencevmprotect

Malware Config

Targets

    • Target

      3cdd56ad474ebef40f70b209d6bb5415

    • Size

      300KB

    • MD5

      3cdd56ad474ebef40f70b209d6bb5415

    • SHA1

      7f03cfa41b6abe440738a2c824b67b1ec16c7205

    • SHA256

      8dc8690323b9905db8c8b68d47287ca9aa6c1c3793afd882e085da5020d9b7c2

    • SHA512

      b925fe7e3bacac9042636fd6fb5bf57d90aa17847d88caf6a7edc411f759178d225c8d0da0c13a380892cc888ebe46608a4eb21c3925746905c1df4fa466bb2a

    • SSDEEP

      6144:lxcGs0RLkFpzB/Zz92IzuSqVkATxeBVmLotzbE3r9yDQvM:BRLkfzBRR2+akFvmLot/E3g80

    Score
    8/10
    persistencevmprotect

    • Sets DLL path for service in the registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks