General

  • Target

    VMware-workstation-full-16.2.4-20089737.exe

  • Size

    615.6MB

  • Sample

    220923-ef9pjsdag2

  • MD5

    d60f20003600b70defb72215417aadee

  • SHA1

    b89035349ad4894e1837b81e3e826ca4572f4f88

  • SHA256

    758f7211d631b2b5b52df7214485fe2082661e5ba18054c8d91be0d7e27dbb2f

  • SHA512

    e9be925c8d3fe9fe81383398709fa4a992ccf2a50b833421ff54d629b1088cb8a773af64c87bed3c513f03a6a84f8eb5001f8cf52f895808c6f002c49d44abfe

  • SSDEEP

    12582912:HsiQc7JR+tkXSznRL4KY0XxCDhc/jVPil7pbuhbKDe0uDe07:MiQc7JR+tMSznJY0XxCD6/jVPil7pbDi

Score
8/10

Targets

    • Target

      VMware-workstation-full-16.2.4-20089737.exe

    • Executes dropped EXE

    • Looks for VMWare Tools registry key

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
