General

  • Target

    PO894749745.exe

  • Size

    440KB

  • Sample

    200707-drym26sdjs

  • MD5

    6d687e89130f81088fcbf8f302700c1b

  • SHA1

    a9cba71526bbd7b1ff912774c1c5b623a90cff8a

  • SHA256

    b258aed05413eb191250d2907db5b64c4f36fdb0508fb3c9c6390c4144fd9497

  • SHA512

    8babb1e45e0bfde70bcb40c64478dc084fb0a94db8e79bc5e1f3428bf7af495daa1fb3747780664c47fb1b4555daff15021c82c7c8ab56849f77e91d4f549853

Score
9/10

Malware Config

Targets

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Uses the VBS compiler for execution

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks