Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

Inv.276.exe

windows7_x64

9

Inv.276.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inv.276.exe

  • Size

    564KB

  • Sample

    200713-nkbrldw7fs

  • MD5

    d26aaf27b2cc642cb344d44a92c7ff42

  • SHA1

    c91b1fd22f2626262ebe16ca4116c34cb1f22aed

  • SHA256

    d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5

  • SHA512

    3ff2d9807ab78ead700880b1582e079c9020d2b92aa1d60662435acdd5d16acb61eb1316acbbeb536448311d5f19c47060a422bed4226ceef497201d09a1db70

Score
9/10

Malware Config

Targets

    • Target

      Inv.276.exe

    • Size

      564KB

    • MD5

      d26aaf27b2cc642cb344d44a92c7ff42

    • SHA1

      c91b1fd22f2626262ebe16ca4116c34cb1f22aed

    • SHA256

      d6fb73252e37f4b2e507e97ddd633c789f7f947ee48b1e564330f4c1529eefb5

    • SHA512

      3ff2d9807ab78ead700880b1582e079c9020d2b92aa1d60662435acdd5d16acb61eb1316acbbeb536448311d5f19c47060a422bed4226ceef497201d09a1db70

    Score
    9/10

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks