General

  • Target

    7bed3ad93b19db82b353027a3faa0d7c73a08a49fbfff9991b71e4c0579c6dfe

  • Size

    8.2MB

  • Sample

    221125-pabwfaaf21

  • MD5

    5314f9b66878db3fc8733be0a5890d7f

  • SHA1

    2fda2c33e079041a9acbebe186bd6db616c7be0d

  • SHA256

    7bed3ad93b19db82b353027a3faa0d7c73a08a49fbfff9991b71e4c0579c6dfe

  • SHA512

    4bc72d360f906828537e5a0321bec74d97d53537fe720b5a7f0ab508dc3b887b6e7c6cb7ee5a387d079357d50ddee8baab768573d5a939a5ac385b7a429d1bb4

  • SSDEEP

    98304:Tg8NoaGCGg0pL2OIUvKZa3ZnaGgux4QrPSNAPzpUCu+8PCvOLMtqlrynFQyfoIod:TN1m9vGapaGHrXzpUCelcIkPQIot96

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks