Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d50748b418dc352001f3d20921549268758f9d2edddd3fea484a98f83ebd3227

  • Size

    7.1MB

  • Sample

    230301-wzyj3ahe55

  • MD5

    68557640db8a8e7225375079c5b74f58

  • SHA1

    41b0182f4683af9ac1444393539cad5480379b4f

  • SHA256

    d50748b418dc352001f3d20921549268758f9d2edddd3fea484a98f83ebd3227

  • SHA512

    5253729192c55c74166ccc701e8440154970b8fc412b50b9d778f0bde9457e78babbe28c22e7384b5933f9406eb4ef0f6ce3031fe7284b5e29b775fc103e19e4

  • SSDEEP

    98304:93EiL1pkOfylVETSX8zBVOzbtscJeikbAF5:1l5bFi8NVbbPkF5

Malware Config

Targets

    • Target

      d50748b418dc352001f3d20921549268758f9d2edddd3fea484a98f83ebd3227

    • Size

      7.1MB

    • MD5

      68557640db8a8e7225375079c5b74f58

    • SHA1

      41b0182f4683af9ac1444393539cad5480379b4f

    • SHA256

      d50748b418dc352001f3d20921549268758f9d2edddd3fea484a98f83ebd3227

    • SHA512

      5253729192c55c74166ccc701e8440154970b8fc412b50b9d778f0bde9457e78babbe28c22e7384b5933f9406eb4ef0f6ce3031fe7284b5e29b775fc103e19e4

    • SSDEEP

      98304:93EiL1pkOfylVETSX8zBVOzbtscJeikbAF5:1l5bFi8NVbbPkF5

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Creates new service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks