Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5
-
Size
312KB
-
Sample
221020-xz55ksbbe8
-
MD5
4588d6515198e39f1b4f42d3873650a0
-
SHA1
bc9be43667c91ab79cbd6ed75b572602f95c90c1
-
SHA256
ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5
-
SHA512
b7580f60785ce34981657d1a2ffe1a36a34b34b88c225c5fee35ae5841024b6c2194945553c0365819ee8b704251ea7ec375f2944549133e1de61f6f3b707cb3
-
SSDEEP
6144:wRDQklQdJvUq2S9x9bXlw0x4RtLcjXHt7FBaNrWMarMWkwHEo:wRDQklQdJvUhShXS00LcjHthKK1rRao
Static task
static1
Behavioral task
behavioral1
Sample
ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5
-
Size
312KB
-
MD5
4588d6515198e39f1b4f42d3873650a0
-
SHA1
bc9be43667c91ab79cbd6ed75b572602f95c90c1
-
SHA256
ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5
-
SHA512
b7580f60785ce34981657d1a2ffe1a36a34b34b88c225c5fee35ae5841024b6c2194945553c0365819ee8b704251ea7ec375f2944549133e1de61f6f3b707cb3
-
SSDEEP
6144:wRDQklQdJvUq2S9x9bXlw0x4RtLcjXHt7FBaNrWMarMWkwHEo:wRDQklQdJvUhShXS00LcjHthKK1rRao
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Looks for VirtualBox Guest Additions in registry
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-