Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0
-
Size
536KB
-
Sample
221003-b2ws2aahb9
-
MD5
4ab05f44a4ee4aeef3fffd08cf3897d0
-
SHA1
51b28c7b2f16458ef3a86e50014902c02a9e5001
-
SHA256
05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0
-
SHA512
fb5a8399c8275a1ab1c355e6daf1a3ae5c565bcf44d52a02ea1f4e2cf66db59249942acc49a2a84368fee685e793a334c00b7fe63cdc974d23f36cab9c8641c0
-
SSDEEP
12288:YqXg1EBXgR86OJqW3o8p8BS0TPt9yJLFk6A/sJJeio:YqFBwODYW3Vp8MA0
Malware Config
Targets
-
-
Target
05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0
-
Size
536KB
-
MD5
4ab05f44a4ee4aeef3fffd08cf3897d0
-
SHA1
51b28c7b2f16458ef3a86e50014902c02a9e5001
-
SHA256
05c3352049b6200b125229a07e514b859c6898f71f91f4dc8489c8641616ffd0
-
SHA512
fb5a8399c8275a1ab1c355e6daf1a3ae5c565bcf44d52a02ea1f4e2cf66db59249942acc49a2a84368fee685e793a334c00b7fe63cdc974d23f36cab9c8641c0
-
SSDEEP
12288:YqXg1EBXgR86OJqW3o8p8BS0TPt9yJLFk6A/sJJeio:YqFBwODYW3Vp8MA0
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Looks for VirtualBox Guest Additions in registry
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-