General

  • Target

    2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.zip

  • Size

    247KB

  • Sample

    220910-w45tyaaeb2

  • MD5

    7ffc8aac9a585e55a53b73077e3912cc

  • SHA1

    c7ea5824df4fbe52e4d58357f4c7923c8e8f8420

  • SHA256

    b1e3d0fbc99637ea6dd51c1041fdd5f315de0582382c00b8fbf160cd748bbc17

  • SHA512

    695a5a32c312369a47bcad52747b841be85440142a0d47e9604fbfbb468363179e8261b59901c6af3a8f6660c2ce9b097681698a0626a9e246f259281c4f3904

  • SSDEEP

    6144:wtXmcRhC8tLQPWEsW742huAjVH52KSQph+XHfKu2Un1mTIZjU:wtmSnuaW7NFR52KSQv+h1GJ

Malware Config

Targets

    • Target

      2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d

    • Size

      365KB

    • MD5

      6e9fdb1ac3859e908475bc69b239435a

    • SHA1

      251dcbd7385c20b02a7a9dfce1270b834c5d4659

    • SHA256

      2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d

    • SHA512

      2c5b2ee91a4347f477c7ff802b1b562f548a8bc45c08fde06ec359c221f07f921291e46bf639377ef5cf20f7581e1d40b0e008c26ea89812f05ea73565093bc5

    • SSDEEP

      6144:ecTKOC7+0H3uMAKbUQ8qfH4umdyJRVP+C5XYo9zZ1FKGUOUTE6qJWoDU0v+Dudrr:eWqH3D3bUQ8qfH4byJRV2CNYYBKGUOWC

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks