General

  • Target

    85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38

  • Size

    998KB

  • Sample

    221203-2ab8esee9v

  • MD5

    fd4fa44ae6b548123f7b136fb1811be9

  • SHA1

    426fe9207035c449b6fbd9e25bfeed5550e2bf94

  • SHA256

    85e1ecc1992015d6f946a183ceaaf9e022fbcc36bdb2a7fa13bf2337f9c60c38

  • SHA512

    457ba7a8acb1c0fd28bf143aa548dc8fb918d7edcf44ef83946e63a7ef95d3ba6a85caa49f80028e9f43522b8f62699c2af9794909e63f4391d95607cc70208f

  • SSDEEP

    24576:UeVlmJUzOLgGGDu/DtJvTyHOeF/l43kdz5oy1p:UriSLgPDQDtJvaOeY3kdz5

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Malware typically detects it by opening keys such as HKCU\Software\Wine or HKLM\Software\Wine, which do not exist on a real Windows installation.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is disabled and no elevation prompt will interrupt privileged actions.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. The usual indicator is a write to the first sector (512 bytes) of the raw disk device \\.\PhysicalDrive0. Treat this as destructive when reproducing the sample outside the sandbox: an overwritten MBR also leaves the host unbootable, which is wiper behaviour as much as bootkit behaviour.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger (0x11) information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
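
As an added illustration of how the four behavioural signatures above can be matched from an API-call trace (example code written for this page, not Hatching's or tria.ge's own signature engine; the pipe-separated "pid|api|args...|ret" trace format and the trace lines are constructed for the example, and the matching rules are my approximation of what each signature looks for):

```python
import re

# Signature names as they appear in the report above.
SIG_WINE = "Identifies Wine through registry keys"
SIG_UAC = "Checks whether UAC is enabled"
SIG_MBR = "Writes to the Master Boot Record (MBR)"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger
MBR_SIZE = 512                    # the MBR is the first sector of the disk

WINE_KEY = re.compile(r"\\software\\wine$", re.I)
UAC_POLICY_KEY = re.compile(r"\\policies\\system$", re.I)
PHYSICAL_DRIVE0 = re.compile(r"^\\\\\.\\physicaldrive0$", re.I)

# Constructed trace in the assumed "pid|api|arg...|ret" format, one call per line.
# The benign lines (Run key query, Temp file write) must NOT raise any signature.
SAMPLE_TRACE = r"""
1234|RegOpenKeyExW|HKEY_CURRENT_USER\Software\Wine|0x2
1234|RegOpenKeyExW|HKEY_LOCAL_MACHINE\Software\Wine|0x2
1234|RegQueryValueExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA|0x0
1234|RegQueryValueExW|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater|0x0
1234|NtSetInformationThread|0xfffffffe|0x11|0x0
1234|CreateFileW|C:\Users\Admin\AppData\Local\Temp\log.txt|GENERIC_WRITE|0x1b8
1234|WriteFile|0x1b8|64|0x1
1234|CreateFileW|\\.\PhysicalDrive0|GENERIC_READ,GENERIC_WRITE|0x1c0
1234|SetFilePointer|0x1c0|0x0|0x0
1234|WriteFile|0x1c0|512|0x1
"""


def parse_trace(text):
    """Yield (api, args, ret) for each non-empty line of the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _pid, api, *args, ret = line.split("|")
        yield api, args, ret


def match_signatures(trace_text):
    """Return the sorted list of signature names raised by the trace."""
    hits = set()
    drive_handles = set()  # handles opened with write access on \\.\PhysicalDrive0
    file_pos = {}          # handle -> current file pointer in bytes
    for api, args, ret in parse_trace(trace_text):
        if api.startswith("RegOpenKey") and WINE_KEY.search(args[0]):
            hits.add(SIG_WINE)
        elif (api.startswith("RegQueryValueEx") and len(args) >= 2
              and UAC_POLICY_KEY.search(args[0]) and args[1].lower() == "enablelua"):
            hits.add(SIG_UAC)
        elif api == "NtSetInformationThread" and int(args[1], 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits.add(SIG_HIDE)
        elif (api in ("CreateFileW", "CreateFileA") and PHYSICAL_DRIVE0.match(args[0])
              and "GENERIC_WRITE" in args[1]):
            # Remember the handle so later writes can be attributed to the raw disk.
            drive_handles.add(ret)
            file_pos[ret] = 0
        elif api == "SetFilePointer":
            file_pos[args[0]] = int(args[1], 0)
        elif api == "WriteFile" and args[0] in drive_handles and file_pos.get(args[0], 0) < MBR_SIZE:
            # A write that lands inside the first sector of the raw disk overwrites the MBR.
            hits.add(SIG_MBR)
    return sorted(hits)


if __name__ == "__main__":
    for sig in match_signatures(SAMPLE_TRACE):
        print(sig)
```

The MBR rule deliberately tracks the handle and file pointer rather than flagging every mention of \\.\PhysicalDrive0: disk-imaging and inventory tools open the raw device read-only, and a write to a later sector (a partition body, for instance) is not an MBR overwrite, so matching on the device name alone would produce false positives.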

MITRE ATT&CK Enterprise v6

Tasks