General
Target: ORDER DATASHEET.bat
Size: 4KB
Sample: 240911-kcemwssamc
MD5: a84cea9cab0242b271056a193f35df67
SHA1: 4d72dd4db7fb3d3ea4ca24d434579b8a9b75ef4e
SHA256: 4f6fa8a9b72f25d0d25b246cd21c6bb5d73cf8f925d31e6efe61ebd20f18ae14
SHA512: 53b19d277c8b13da0924974505fb8718fc6ebc17d00608103019b2f918aaec4715a685fe5339c8310c3cef4659d150184f4ec24906e203cc6baa075b3a13f04a
SSDEEP: 96:HSTZjDOr0S8RT8nrTPPAJlcZK97cokj42Ma+7kUWdFCBbiM0FB7QzsXUJp0y+Wfq:e/Rgnnccrjl89eFCGQxxZe
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER DATASHEET.bat
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ORDER DATASHEET.bat
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ORDER DATASHEET.bat

Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.

Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.

NirSoft MailPassView
  Password recovery tool for various email clients

NirSoft WebBrowserPassView
  Password recovery tool for various web browsers

Blocklisted process makes network request

Accesses Microsoft Outlook accounts

Adds Run key to start application

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext