Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

quotefile.ps1

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    quotefile.ps1

  • Size

    1.9MB

  • Sample

    220906-vf8egsdedl

  • MD5

    739eaf406607fa3efddb9c6c97cdba76

  • SHA1

    bdb0575775a3447391b9d719e6d69c0e44549fd2

  • SHA256

    d6cc3ac995484b99ed790b6f8ceb145492794eb5d01ec4a71123b9975e9bfd20

  • SHA512

    80ccebc7f4ff3597031899973817acdb4c1638788aa37b536fcafb6cd03b2f6113d40527b2e7a7f49d4794f021c815f8dc85ac4fd372d40cde59da6db2769384

  • SSDEEP

    24576:AzrIw+80AssR3D6UN6hzwbSVsi5MW94d5upIAMoIKAdqQb16:AwwahXsvWK1dj6

Score
9/10
evasion

Malware Config

Targets

    • Target

      quotefile.ps1

    • Size

      1.9MB

    • MD5

      739eaf406607fa3efddb9c6c97cdba76

    • SHA1

      bdb0575775a3447391b9d719e6d69c0e44549fd2

    • SHA256

      d6cc3ac995484b99ed790b6f8ceb145492794eb5d01ec4a71123b9975e9bfd20

    • SHA512

      80ccebc7f4ff3597031899973817acdb4c1638788aa37b536fcafb6cd03b2f6113d40527b2e7a7f49d4794f021c815f8dc85ac4fd372d40cde59da6db2769384

    • SSDEEP

      24576:AzrIw+80AssR3D6UN6hzwbSVsi5MW94d5upIAMoIKAdqQb16:AwwahXsvWK1dj6

    Score
    9/10
    evasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks