General

  • Target

    b619b90da58a03c1d49d799c463acec5398ede0b400fbd71e157cff11048f67c

  • Size

    1.2MB

  • Sample

    221030-w1vjssded7

  • MD5

    828ebb19329d4b63681a0ab8acd43999

  • SHA1

    bf84407e48946d81ebeeb474c0e9a16c083dc923

  • SHA256

    b619b90da58a03c1d49d799c463acec5398ede0b400fbd71e157cff11048f67c

  • SHA512

    789386c67517c1e9da7e6cb6075b947c3b8aadb3a79421eb1cf558d5603e203fa0afa339a2ce07aea05357be70501d13d1b9923d53515e02de9ba2ea5810ad9d

  • SSDEEP

    24576:SrRkxJENxUeRivJ07+imj6kWC/U1nvAxiFtggCGh0mQpGg:Sd6IUeovJL6kWWyaiFtggCsm

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks