General
Target: SKGHM_PE_757583588358839538539599593BeoersKnucklehead_1.7z
Size: 47KB
Sample: 240607-vs4xtsbd6x
MD5: 81154b8137816008b1ef4beaad668a4b
SHA1: 8c634ea54f6880b953eea7666fda31a2e4d90e35
SHA256: 950908d3fcdebad1d68f28d7e05251fe94f15746e2105eb76335dabc3a1078a6
SHA512: 63ab0647d081c0993e5cb1ce94dfbed695ae03911f08e8772def686adb9af3b57cc0959161ca5ba649d1a15130a31c38689f487c7c27aca560af4f98828df3e9
SSDEEP: 768:jcUoj9JkDBHeo/1XEOduqh77bDLfdhO1bZdByXiK8ArAQtblfd0c/BKAirxoXI3t:jcUojqBHeo/1UGV7bDLO1BAiK/HBlfi9
Static task: static1

Behavioral task: behavioral1
Sample: SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs
Size: 154KB
MD5: 8993abe6fdbed5a58e5f8806cb1a12d8
SHA1: 6f52e232be6a55b0411d2d2bf1e03b01b7388921
SHA256: 1d6d36ec589cbecea839e3b4a5156a35f48436847043f2e1f307f6579e7893e2
SHA512: 9de0b6554063778d0fec454f0fcb72acc5a1b652aff0f4513254097b6cfdce80c496e330ba93c2bacbabc5437fa508a124eb5e099c0e92dca2d7b70975090bd3
SSDEEP: 3072:Gvn9Dm5IXdH7eAlsSyP/ioJbae+nzu6J5RcuXrMLyVZH4lY0Gx2gDwDjNMrt:Gvn9Dm5IXdH7ecsSyP/io9ae+nzu6J5j
Score: 10/10
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext