General

  • Target

    SkyDemonSetup.exe

  • Size

    10.7MB

  • Sample

    240406-rqkvdsch36

  • MD5

    e06f863cc413e7acf7d917ed98387f0e

  • SHA1

    cb17e7399aa9075404c24cd0f29c59f8813ba7e9

  • SHA256

    7979e5706ed8723f1f3aa800376d7c0cba34e8e384ee91ea8daeade864a0c826

  • SHA512

    47e6315cb676661932ed70ada57b1158b7468b6f6dc75dcd26ff08a11ff757e34468caf57b40144edc5f2c71e87635a7b4c10d3b5a2afa6cc4450104ad85da71

  • SSDEEP

    196608:VH/YaZMJjy/6svEb/6Vme5P4BxqStL9PalJ1zjCYRHRodsGClt80Hg4p2h+f+UQV:Te2/hwyVFOxwrdCOHRmIhH2+mU5kJn

Malware Config

Targets

    • Target

      SkyDemonSetup.exe

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks