General
  Target: Presentation for REMOVED.vhd
  Size: 6.0MB
  Sample: 220907-x219eaaahm
  MD5: a107688e5cc0c9332f47eadbdb682f69
  SHA1: e0f6d121580e6e52499f7b90b33644b79578fb32
  SHA256: e9a1ce3417838013412f81425ef74a37608754586722e00cacb333ba88eb9aa7
  SHA512: c32f84553626cc6ffbadd87b8aeed74bb2bbbe7b696373a3cdfb7f0e398774bee5763ab3a44795c6c467ebc9054a4f94657a4303c5fbc932b93010dccacd977c
  SSDEEP: 24576:nCrxYbz4x5sfmFGtW4FnXVROmygccvaP0iP:HrUGtbXDOnB8
Tasks
  Static task: static1

  Behavioral task: behavioral1
    Sample: PRD.lnk
    Resource: win7-20220812-en

  Behavioral task: behavioral2
    Sample: PRD.lnk
    Resource: win10v2004-20220812-en

  Behavioral task: behavioral3
    Sample: lkndwsjds.ps1
    Resource: win7-20220812-en

  Behavioral task: behavioral4
    Sample: lkndwsjds.ps1
    Resource: win10v2004-20220812-en
Malware Config

Targets

  Target: PRD.lnk
    Size: 1KB
    MD5: 03475b66ae9683c845b1b99c9fb7b5f1
    SHA1: 6ac4dd7bc3136f7b8c1b8f8b60d855a4f606bd67
    SHA256: 7ba64fb34d07705c909cb271df4f8ffd152618897b25e77379c836b5c57fe1b4
    SHA512: ac41a57a4dd9993f53612c2a1b72c9375ced61d0f4e3b72403ce4d28d30c6353075756b439346cb7352be9656b4a54a76cc6846d3eb9f5fd0799372930240179
    Score: 9/10

    Signatures:
    - Enumerates VirtualBox registry keys
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Looks for VirtualBox Guest Additions in registry
    - Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    - Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    - Identifies Wine through registry keys
      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    - Suspicious use of NtCreateThreadExHideFromDebugger

  Target: lkndwsjds.ps1
    Size: 1.6MB
    MD5: 43b8002185775160d5b83de4a210dd35
    SHA1: 62202c63aeef127ba0fb2c3ba1011d5f57b7bd61
    SHA256: 9251fb4f0360db6cd155676c3abf99a5dcfb8b2de560a43ef36d9eec7718f987
    SHA512: f9bb592c7068e9a5f437b200548fb3edca4e889ac0eba7a9ddc9d2f1797cfa473848ddf2636f38ec205a625df40561e9998e89e6682a5abf3a6b399455186f9e
    SSDEEP: 24576:cCrxYbz4x5sfmFGtW4FnXVROmygccvaP0iP3:krUGtbXDOnB8I
    Score: 9/10

    Signatures:
    - Enumerates VirtualBox registry keys
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Looks for VirtualBox Guest Additions in registry
    - Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    - Identifies Wine through registry keys
      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
    - Suspicious use of NtCreateThreadExHideFromDebugger