Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
quotefile.ps1
-
Size
1.9MB
-
Sample
220906-vf8egsdedl
-
MD5
739eaf406607fa3efddb9c6c97cdba76
-
SHA1
bdb0575775a3447391b9d719e6d69c0e44549fd2
-
SHA256
d6cc3ac995484b99ed790b6f8ceb145492794eb5d01ec4a71123b9975e9bfd20
-
SHA512
80ccebc7f4ff3597031899973817acdb4c1638788aa37b536fcafb6cd03b2f6113d40527b2e7a7f49d4794f021c815f8dc85ac4fd372d40cde59da6db2769384
-
SSDEEP
24576:AzrIw+80AssR3D6UN6hzwbSVsi5MW94d5upIAMoIKAdqQb16:AwwahXsvWK1dj6
Static task
static1
Behavioral task
behavioral1
Sample
quotefile.ps1
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
quotefile.ps1
-
Size
1.9MB
-
MD5
739eaf406607fa3efddb9c6c97cdba76
-
SHA1
bdb0575775a3447391b9d719e6d69c0e44549fd2
-
SHA256
d6cc3ac995484b99ed790b6f8ceb145492794eb5d01ec4a71123b9975e9bfd20
-
SHA512
80ccebc7f4ff3597031899973817acdb4c1638788aa37b536fcafb6cd03b2f6113d40527b2e7a7f49d4794f021c815f8dc85ac4fd372d40cde59da6db2769384
-
SSDEEP
24576:AzrIw+80AssR3D6UN6hzwbSVsi5MW94d5upIAMoIKAdqQb16:AwwahXsvWK1dj6
Score9/10-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-