Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

stealer_pr...py.exe

windows7-x64

10

stealer_pr...py.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2025, 04:09 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    stealer_protect-Copy.exe

  • Size

    9.1MB

  • MD5

    cb86dd3b875f9cbd61325b45e50373a0

  • SHA1

    24b293baf601633d98ac46794ce35675011df210

  • SHA256

    14e0330250b54a0f15e5db48a53b0bf6517bed4fec8209eb5dc1df49ba9e5b8b

  • SHA512

    5019feeb950eb8a8fad4cdb161a43724b2600a5da12b26e1feb1bc4419b6f977b2016b106efcdb99271ff0b0c905a03b5a8c70df7283ec2449186c741b869011

  • SSDEEP

    196608:7G0ytxxQdi7nJf77gov4fplpRQSk5ZMGQfPXeLA52ANexrNceFcLQdc6E:7GZCWnN4OSWOvfPFCFF4Q

Score
10/10
skuldstealervmprotect

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1327282019205386252/erLY2QwL_rt0jlh9ekxiZDsoz9mmhENv17cYsEaE1ETg-IcHrp5uYIg3T1AvvJtwEpMs

Signatures

  • Skuld family
    skuld
  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\stealer_protect-Copy.exe
    "C:\Users\Admin\AppData\Local\Temp\stealer_protect-Copy.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2284-0-0x00000000016AD000-0x0000000001A5A000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2284-1-0x0000000077090000-0x0000000077092000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2284-11-0x0000000000C70000-0x0000000002377000-memory.dmp

    Filesize

    23.0MB

    Download

  • memory/2284-10-0x00000000770A0000-0x00000000770A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2284-16-0x00000000016AD000-0x0000000001A5A000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2284-8-0x00000000770A0000-0x00000000770A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2284-6-0x00000000770A0000-0x00000000770A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2284-5-0x0000000077090000-0x0000000077092000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2284-3-0x0000000077090000-0x0000000077092000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2284-17-0x0000000000C70000-0x0000000002377000-memory.dmp

    Filesize

    23.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.