General

  • Target

    05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0

  • Size

    536KB

  • Sample

    221003-b2ws2aahb9

  • MD5

    4ab05f44a4ee4aeef3fffd08cf3897d0

  • SHA1

    51b28c7b2f16458ef3a86e50014902c02a9e5001

  • SHA256

    05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0

  • SHA512

    fb5a8399c8275a1ab1c355e6daf1a3ae5c565bcf44d52a02ea1f4e2cf66db59249942acc49a2a84368fee685e793a334c00b7fe63cdc974d23f36cab9c8641c0

  • SSDEEP

    12288:YqXg1EBXgR86OJqW3o8p8BS0TPt9yJLFk6A/sJJeio:YqFBwODYW3Vp8MA0

Score
10/10

Malware Config

Targets

    • Target

      05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0 (536KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Looks for VirtualBox Guest Additions in registry

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
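Most of the behaviours listed above (the VirtualBox Guest Additions and VMware Tools lookups, the BIOS strings, the Geo\Nation country code, the Run and policy Run keys, and the Explorer hidden-file setting) are plain registry accesses, so they can be re-derived from a registry event trace. The script below is an added example and is not tria.ge's own signature code or part of this report; the pipe-separated event format and the sample events are constructed, and the operation names and patterns are assumptions (the key paths themselves are the standard Windows locations). A real report would be fed from the sandbox's exported events instead of the inline sample.

```python
import re

# Constructed sample trace in the shape "operation|key|value" (assumption: this is
# not the tria.ge event format; adapt the parser to whatever your sandbox exports).
SAMPLE_EVENTS = r"""
RegOpenKey|HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions|
RegOpenKey|HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools|
RegQueryValue|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System|SystemBiosVersion
RegQueryValue|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System|VideoBiosVersion
RegQueryValue|HKEY_CURRENT_USER\Control Panel\International\Geo|Nation
RegSetValue|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|updater
RegSetValue|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|svc
RegSetValue|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|ShowSuperHidden
RegQueryValue|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders|Desktop
"""

# (signature name, operations that count, key regex, optional value regex).
# Names mirror the report's labels; the matching rules are this example's own.
SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry", {"RegOpenKey", "RegQueryValue"},
     r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions$", None),
    ("Looks for VMWare Tools registry key", {"RegOpenKey", "RegQueryValue"},
     r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools$", None),
    ("Checks BIOS information in registry", {"RegQueryValue"},
     r"\\HARDWARE\\DESCRIPTION\\System$", r"(System|Video)Bios(Version|Date)"),
    ("Checks computer location settings", {"RegQueryValue"},
     r"\\Control Panel\\International\\Geo$", r"Nation"),
    ("Adds Run key to start application", {"RegSetValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Run$", None),
    ("Adds policy Run key to start application", {"RegSetValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", None),
    ("Modifies visibility of hidden/system files in Explorer", {"RegSetValue"},
     r"\\CurrentVersion\\Explorer\\Advanced$", r"Hidden|ShowSuperHidden|HideFileExt"),
]

SANDBOX_EVASION = {
    "Looks for VirtualBox Guest Additions in registry",
    "Looks for VMWare Tools registry key",
    "Checks BIOS information in registry",
}


def parse_event(line):
    """Split one 'op|key|value' line; missing fields become empty strings."""
    fields = line.split("|", 2) + ["", ""]
    return fields[0].strip(), fields[1].strip(), fields[2].strip()


def classify(events_text):
    """Return {signature name: [matching event lines]} for every signature that fired."""
    hits = {name: [] for name, _, _, _ in SIGNATURES}
    for line in events_text.splitlines():
        if not line.strip():
            continue
        op, key, value = parse_event(line)
        for name, ops, key_re, value_re in SIGNATURES:
            if op not in ops:
                continue
            if not re.search(key_re, key, re.IGNORECASE):
                continue
            if value_re and not re.fullmatch(value_re, value, re.IGNORECASE):
                continue
            hits[name].append(line)
    return {name: lines for name, lines in hits.items() if lines}


def is_sandbox_aware(hits):
    """True when at least one VM/BIOS fingerprinting signature fired."""
    return any(name in SANDBOX_EVASION for name in hits)


if __name__ == "__main__":
    result = classify(SAMPLE_EVENTS)
    for name, lines in result.items():
        print(f"{name}: {len(lines)} event(s)")
    print("sandbox-aware:", is_sandbox_aware(result))
```

The value regexes are deliberately narrow: a RegQueryValue on HARDWARE\DESCRIPTION\System for an unrelated value, or a read of the Explorer\Advanced key rather than a write, does not fire, which keeps the BIOS and hidden-file signatures from matching ordinary software that touches those keys. The last sample line (a Shell Folders lookup) is included to show that benign Explorer reads fall through every rule.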

MITRE ATT&CK Enterprise v6

Tasks