
General

  • Target

    ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5

  • Size

    312KB

  • Sample

    221020-xz55ksbbe8

  • MD5

    4588d6515198e39f1b4f42d3873650a0

  • SHA1

    bc9be43667c91ab79cbd6ed75b572602f95c90c1

  • SHA256

    ec589dcb72e74209d47a1f6ed8e9a1e16250851df9c06c8b9b196499edf01cf5

  • SHA512

    b7580f60785ce34981657d1a2ffe1a36a34b34b88c225c5fee35ae5841024b6c2194945553c0365819ee8b704251ea7ec375f2944549133e1de61f6f3b707cb3

  • SSDEEP

    6144:wRDQklQdJvUq2S9x9bXlw0x4RtLcjXHt7FBaNrWMarMWkwHEo:wRDQklQdJvUhShXS00LcjHthKK1rRao

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Looks for VirtualBox Guest Additions in registry

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
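
The registry-based signatures above (Run key and policy Run key persistence, the Explorer hidden/system-file setting, the VirtualBox Guest Additions and VMware Tools key lookups, and the BIOS information read) each correspond to a well-known registry location. The following is an added example, not code from tria.ge or from the report, showing how such signatures are matched against a stream of sandbox registry events. The event record format and the `SAMPLE_EVENTS` list are constructed for the example, not taken from this report; the key paths are the standard Windows locations each signature name refers to, and the BIOS marker strings are typical vendor substrings an anti-analysis check compares against (an assumption about what this sample does, since the report only says the value is read).

```python
"""Match sandbox registry events against Triage-style behaviour signatures.

Added example, not Hatching/tria.ge code.  Key paths are the standard Windows
locations the signature names refer to; SAMPLE_EVENTS is constructed input.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str            # "open", "read" or "write"
    key: str           # full key path, HKLM/HKCU short form (constructed format)
    value: str = ""    # value name; "" for key-level operations
    data: str = ""     # data written or read back, if any


# (signature label, operations that count, key-path regex, value-name regex)
RULES = [
    ("Adds Run key to start application", {"write"},
     r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", r".+"),
    ("Adds policy Run key to start application", {"write"},
     r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", r".+"),
    # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
    ("Modifies visibility of hidden/system files in Explorer", {"write"},
     r"^HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced$",
     r"^(Hidden|ShowSuperHidden)$"),
    ("Looks for VirtualBox Guest Additions in registry", {"open", "read"},
     r"^HKLM\\Software\\Oracle\\VirtualBox Guest Additions", r".*"),
    ("Looks for VMWare Tools registry key", {"open", "read"},
     r"^HKLM\\Software\\VMware, Inc\.\\VMware Tools", r".*"),
    ("Checks BIOS information in registry", {"read"},
     r"^HKLM\\Hardware\\Description\\System(\\BIOS)?$",
     r"^(SystemBiosVersion|VideoBiosVersion|SystemBiosDate|SystemManufacturer|SystemProductName)$"),
]

# Assumed vendor substrings a sandbox-evasion check looks for in BIOS strings.
VM_BIOS_MARKERS = ("VBOX", "VMWARE", "VIRTUAL", "QEMU", "BOCHS", "XEN")


def classify(events):
    """Return {signature label: [matching events]} for the given event stream.

    Registry paths are case-insensitive, so every regex is matched with re.I.
    """
    hits = {}
    for ev in events:
        for label, ops, key_re, val_re in RULES:
            if (ev.op in ops
                    and re.match(key_re, ev.key, re.I)
                    and re.match(val_re, ev.value, re.I)):
                hits.setdefault(label, []).append(ev)
    return hits


def bios_looks_virtual(bios_string):
    """True if a BIOS string carries one of the assumed hypervisor markers."""
    upper = bios_string.upper()
    return any(marker in upper for marker in VM_BIOS_MARKERS)


# Constructed sample events modelled on the signatures in the report.
SAMPLE_EVENTS = [
    RegEvent("open", r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"),
    RegEvent("open", r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"),
    RegEvent("read", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion", "VBOX   - 1"),
    RegEvent("write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
             "Hidden", "2"),
    RegEvent("write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "Updater", r"C:\Users\user\AppData\Roaming\svc.exe"),
    RegEvent("write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
             "Updater", r"C:\Users\user\AppData\Roaming\svc.exe"),
    # A read of the Explorer setting is not a modification: should not fire.
    RegEvent("read", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden"),
    # Unrelated noise that matches no rule.
    RegEvent("write", r"HKCU\Software\Classes\Local Settings\MuiCache", "x", "y"),
]


if __name__ == "__main__":
    for label, evs in classify(SAMPLE_EVENTS).items():
        print(f"{label}: {len(evs)} event(s)")
        for ev in evs:
            if label.startswith("Checks BIOS") and bios_looks_virtual(ev.data):
                print(f"  BIOS string {ev.data!r} exposes a hypervisor marker")
```

Two of the eight constructed events deliberately match nothing: reading the Explorer `Advanced` key is ordinary user-mode behaviour, and only a write to `Hidden` or `ShowSuperHidden` counts as modifying visibility. The rules for the Run and policy Run keys likewise require a value name, so merely opening the key for enumeration does not register as persistence.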

MITRE ATT&CK Enterprise v6
