Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

IMG-ORDER-...ZZ.exe

windows7-x64

10

IMG-ORDER-...ZZ.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Metallochromy206.com

windows7-x64

Metallochromy206.com

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG-ORDER-Comex-3264775737745728821842424ZZ.exe

  • Size

    2.0MB

  • Sample

    240220-htsvqsda7t

  • MD5

    56080cfd42fa3713f8e338b7c43b3c58

  • SHA1

    296ed8c2990562aafec3990541cefdd65da03974

  • SHA256

    2db92a3fa08dc8e97b4f2651e9ec1d123d2556ce5bc7ec9474672767f6505e26

  • SHA512

    b13027c40db1e342ed78b8858719be164a56a969feb963b48c65a79cb941e82589b54c69cbe97d888ec164826a363edbd55531ede2299ef5dbc0ec27c99b51b4

  • SSDEEP

    49152:rtcVOUULvCUAf9JvhGTP+2Nv4JVClDq0LvoZo358R2h+A:BcV8S1RID+YviYCe588h+A

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      IMG-ORDER-Comex-3264775737745728821842424ZZ.exe

    • Size

      2.0MB

    • MD5

      56080cfd42fa3713f8e338b7c43b3c58

    • SHA1

      296ed8c2990562aafec3990541cefdd65da03974

    • SHA256

      2db92a3fa08dc8e97b4f2651e9ec1d123d2556ce5bc7ec9474672767f6505e26

    • SHA512

      b13027c40db1e342ed78b8858719be164a56a969feb963b48c65a79cb941e82589b54c69cbe97d888ec164826a363edbd55531ede2299ef5dbc0ec27c99b51b4

    • SSDEEP

      49152:rtcVOUULvCUAf9JvhGTP+2Nv4JVClDq0LvoZo358R2h+A:BcV8S1RID+YviYCe588h+A

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      55a26d7800446f1373056064c64c3ce8

    • SHA1

      80256857e9a0a9c8897923b717f3435295a76002

    • SHA256

      904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8

    • SHA512

      04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b

    • SSDEEP

      192:MPtkumJX7zBE2kGwfy9S9VkPsFQ1Mx1c:97O2k5q9wA1Mxa

    Score
    3/10
    behavioral3behavioral4

    • Target

      Metallochromy206.Com

    • Size

      210KB

    • MD5

      b89766549f27396708f6760caf984efb

    • SHA1

      db8d188fb71b661e1bfc8eb66b461341ee1a5d84

    • SHA256

      1047db547dcb4ba15d1baeca02f3c0b66ab402b48e7e3148891b97fd50c9ddee

    • SHA512

      2cfa0192ea7a8359d9499f7732e311fb49085bde231be238a4d0165b59337d057514535afce709f0718eb772e8553c1d58f7318eea4c7d2eef249ccd31a8b9b1

    • SSDEEP

      3072:8G2UsGqbUBO0qr6hEydLjrmTYPem3vbI1LOhPHZVjyk6ajYR934mHBy:aGqgOl6+ylCTBQIt8P59yxa634SI

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks