General
- Target: 2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.zip
- Size: 247KB
- Sample: 220910-w45tyaaeb2
- MD5: 7ffc8aac9a585e55a53b73077e3912cc
- SHA1: c7ea5824df4fbe52e4d58357f4c7923c8e8f8420
- SHA256: b1e3d0fbc99637ea6dd51c1041fdd5f315de0582382c00b8fbf160cd748bbc17
- SHA512: 695a5a32c312369a47bcad52747b841be85440142a0d47e9604fbfbb468363179e8261b59901c6af3a8f6660c2ce9b097681698a0626a9e246f259281c4f3904
- SSDEEP: 6144:wtXmcRhC8tLQPWEsW742huAjVH52KSQph+XHfKu2Un1mTIZjU:wtmSnuaW7NFR52KSQv+h1GJ
Static task: static1
Behavioral task: behavioral1
- Sample: 2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe
- Resource: win7-20220901-en
Malware Config
Targets
- Target: 2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d
- Size: 365KB
- MD5: 6e9fdb1ac3859e908475bc69b239435a
- SHA1: 251dcbd7385c20b02a7a9dfce1270b834c5d4659
- SHA256: 2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d
- SHA512: 2c5b2ee91a4347f477c7ff802b1b562f548a8bc45c08fde06ec359c221f07f921291e46bf639377ef5cf20f7581e1d40b0e008c26ea89812f05ea73565093bc5
- SSDEEP: 6144:ecTKOC7+0H3uMAKbUQ8qfH4umdyJRVP+C5XYo9zZ1FKGUOUTE6qJWoDU0v+Dudrr:eWqH3D3bUQ8qfH4byJRV2CNYYBKGUOWC
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext