Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ISFFORM H...ne.exe

windows7-x64

10

ISFFORM H...ne.exe

windows10-2004-x64

8

ISFFORM H...ne.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ISFFORM HBLDRAFTTHBL53164US7272Coscoline.exe

  • Size

    632KB

  • Sample

    240510-jh8mgsec34

  • MD5

    051bd135f8be9f0dd2ef45a9918441f8

  • SHA1

    d60f44452664f2f82cdd5c023795589611977446

  • SHA256

    21773cea42a57dff11a05f01ea94f48fc457871b110a410e4ccb416a4e346229

  • SHA512

    bf029bde10505c6061a2a183e3d460a9c68e8564b71c41d89b5a0b8a2bbd5f9f8d8b9f20150623b9611af5f56256841eb924f04d473e4d8d8cea7609fb5eb5a0

  • SSDEEP

    12288:L2KmM4kx4NDiGYaasscxBh9GvLj8y3u8DehE3S/0kBrs4CGLx4:L2KU5tauxSLj8y3RKhGbkBN9Lm

Score
10/10
guloaderdownloaderexecutionpersistence

Malware Config

Targets

    • Target

      ISFFORM HBLDRAFTTHBL53164US7272Coscoline.exe

    • Size

      632KB

    • MD5

      051bd135f8be9f0dd2ef45a9918441f8

    • SHA1

      d60f44452664f2f82cdd5c023795589611977446

    • SHA256

      21773cea42a57dff11a05f01ea94f48fc457871b110a410e4ccb416a4e346229

    • SHA512

      bf029bde10505c6061a2a183e3d460a9c68e8564b71c41d89b5a0b8a2bbd5f9f8d8b9f20150623b9611af5f56256841eb924f04d473e4d8d8cea7609fb5eb5a0

    • SSDEEP

      12288:L2KmM4kx4NDiGYaasscxBh9GvLj8y3u8DehE3S/0kBrs4CGLx4:L2KU5tauxSLj8y3RKhGbkBN9Lm

    Score
    10/10
    guloaderdownloaderexecutionpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks