Behavioral task
behavioral1
Sample
c4d045d0748ee08c602a1fc3a46b1498ce7297c18f12f9db44ea2b2dbfb4e37dN.exe
Resource
win7-20240729-en
General
Target: c4d045d0748ee08c602a1fc3a46b1498ce7297c18f12f9db44ea2b2dbfb4e37dN.exe
Size: 229KB
MD5: 528f26b2d46cd04b6fcb6fafcb3abf40
SHA1: 857455c1dcdcd7bceabfff1f532ee3714e743245
SHA256: c4d045d0748ee08c602a1fc3a46b1498ce7297c18f12f9db44ea2b2dbfb4e37d
SHA512: 20c0c8b69d8fb6045ac3f2e83fca527ac99a68375e62b4b3d8d66daa402ddfad1640f63721871aa2254bf71bb58beae2ef30a50154ef9dc6fa6c4a35999d8c5a
SSDEEP: 6144:FloZM+rIkd8g+EtXHkv/iD4AFyuMS1NmYzus9x4uab8e1mti:HoZtL+EP8AFyuMS1NmYzus9x45j
Malware Config
Extracted
Family: umbral
C2 (Discord webhook): https://discord.com/api/webhooks/1313811831906762792/0E535NbdSliQWNEaFE2OeKp9ttWU5OcljhalGUnuKioPrSNPnNb45qh5ZMmcXLPrAWI1
Signatures
Detect Umbral payload (1 IoC)
resource: yara_rule sample family_umbral
Umbral family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: c4d045d0748ee08c602a1fc3a46b1498ce7297c18f12f9db44ea2b2dbfb4e37dN.exe
Files
c4d045d0748ee08c602a1fc3a46b1498ce7297c18f12f9db44ea2b2dbfb4e37dN.exe.exe windows:4 windows x86 arch:x86
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ