General

  • Target

    3ac05c5c36b18ea0ec1070096f55534ecebd2585d37e423594c10c5cda1fda96

  • Size

    3.4MB

  • Sample

    230314-zg3mvabf5v

  • MD5

    cf0aefcd52645b6769a942afac9af1c3

  • SHA1

    cc5ce79ee910b1f4993dba0cda23dfd2c4488264

  • SHA256

    3ac05c5c36b18ea0ec1070096f55534ecebd2585d37e423594c10c5cda1fda96

  • SHA512

    f37e495dfeab55078a366352c733c4488e3fc727e83a1689aa6458206cae8eabc0dd54966fbf24735bffda86836e1858841173e7d78ac9575295dadcc74cca24

  • SSDEEP

    98304:Mna5Gkonx+t5bHJmSwD2jCgQIr/84IVuTPYFw:ea5InxsjmTK+gQIjCw3

Malware Config

Targets

    • Target

      3ac05c5c36b18ea0ec1070096f55534ecebd2585d37e423594c10c5cda1fda96

    • Size

      3.4MB

    • MD5

      cf0aefcd52645b6769a942afac9af1c3

    • SHA1

      cc5ce79ee910b1f4993dba0cda23dfd2c4488264

    • SHA256

      3ac05c5c36b18ea0ec1070096f55534ecebd2585d37e423594c10c5cda1fda96

    • SHA512

      f37e495dfeab55078a366352c733c4488e3fc727e83a1689aa6458206cae8eabc0dd54966fbf24735bffda86836e1858841173e7d78ac9575295dadcc74cca24

    • SSDEEP

      98304:Mna5Gkonx+t5bHJmSwD2jCgQIr/84IVuTPYFw:ea5InxsjmTK+gQIjCw3

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks