Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

PRD.lnk

windows7-x64

3

PRD.lnk

windows10-2004-x64

9

lkndwsjds.ps1

windows7-x64

1

lkndwsjds.ps1

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Presentation for REMOVED.vhd

  • Size

    6.0MB

  • Sample

    220907-x219eaaahm

  • MD5

    a107688e5cc0c9332f47eadbdb682f69

  • SHA1

    e0f6d121580e6e52499f7b90b33644b79578fb32

  • SHA256

    e9a1ce3417838013412f81425ef74a37608754586722e00cacb333ba88eb9aa7

  • SHA512

    c32f84553626cc6ffbadd87b8aeed74bb2bbbe7b696373a3cdfb7f0e398774bee5763ab3a44795c6c467ebc9054a4f94657a4303c5fbc932b93010dccacd977c

  • SSDEEP

    24576:nCrxYbz4x5sfmFGtW4FnXVROmygccvaP0iP:HrUGtbXDOnB8

Score
9/10
evasion

Malware Config

Targets

    • Target

      PRD.lnk

    • Size

      1KB

    • MD5

      03475b66ae9683c845b1b99c9fb7b5f1

    • SHA1

      6ac4dd7bc3136f7b8c1b8f8b60d855a4f606bd67

    • SHA256

      7ba64fb34d07705c909cb271df4f8ffd152618897b25e77379c836b5c57fe1b4

    • SHA512

      ac41a57a4dd9993f53612c2a1b72c9375ced61d0f4e3b72403ce4d28d30c6353075756b439346cb7352be9656b4a54a76cc6846d3eb9f5fd0799372930240179

    Score
    9/10
    evasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

    • Target

      lkndwsjds.ps1

    • Size

      1.6MB

    • MD5

      43b8002185775160d5b83de4a210dd35

    • SHA1

      62202c63aeef127ba0fb2c3ba1011d5f57b7bd61

    • SHA256

      9251fb4f0360db6cd155676c3abf99a5dcfb8b2de560a43ef36d9eec7718f987

    • SHA512

      f9bb592c7068e9a5f437b200548fb3edca4e889ac0eba7a9ddc9d2f1797cfa473848ddf2636f38ec205a625df40561e9998e89e6682a5abf3a6b399455186f9e

    • SSDEEP

      24576:cCrxYbz4x5sfmFGtW4FnXVROmygccvaP0iP3:krUGtbXDOnB8I

    Score
    9/10
    evasion

    • Enumerates VirtualBox registry keys

      evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks