General

- Target: WS.Filmora.11.7.3.814.w64.rar
- Size: 471.9MB
- Sample: 230203-wa1m5agd53
- MD5: 4c80d5d58c201cb78fd5af10000cf85d
- SHA1: 041356b6fee6ebcde2a769c43d3c99afa22f5c6d
- SHA256: 4a386815be0781d9ec8defe96bf6818f196b28a1c484357733b13bd8804f2f85
- SHA512: 3240123d22aeeca127b75804657ef83882738f77ec6beaec4a41a860d2e2b02395ea73857e15b9b225d0a3c922c5b918bdfadd408a89e43884b0f61206dcad27
- SSDEEP: 12582912:MZDK+XshsBiG+0e5yb/ORHC0WO9sjzUV4s7AesKarfAn1eqtlju:EDK+cSiGR5b/wi0W0lV1Mes1Angula
Static task: static1

Malware Config

Targets
- Target: WS.Filmora.11.7.3.814.w64.rar (471.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Modifies Installed Components in the registry
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger