General

  • Target: 97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e
  • Size: 881KB
  • Sample: 221030-s2n7mahdbq
  • MD5: 819cdb4ca01762e5911433e9089612c0
  • SHA1: 52502551c3aa53489f5dc5b10008f6287201159c
  • SHA256: 97065f6e95349a8d708967e98786d58a294240be5b245bac8c03e049e8a6957e
  • SHA512: 55f6ccc14a6e0d2001dda6e748bed61f7a24efa66919a3cf122f20e27aaee3d6594084cc3c75accbdb5d1732b8b4112a390ce3ecc3ecddf6b47f15a1b12d3a03
  • SSDEEP: 12288:t9NWCNX8CfYUW2SSPALm6KEj+YYiASpUQlzuQqiuOf5zpzoGxQNVb4Ky7Gd4LmrP:t9MCwX2Se6K5jSpFlaiu2hhx0pmLmnj

Score
9/10

Malware Config

Targets

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks