Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    supervoicechanger-9-7-6-6.exe

  • Size

    4.7MB

  • Sample

    230315-aynsksce41

  • MD5

    4b6b68dc27bc111303202b5984c7e4a7

  • SHA1

    8bba5052ee13a9158a34892e4c8b1e9526d3b4cc

  • SHA256

    1f99c907966636e8e0712d4171078ef3ad5f2fc838d690df1e17139e5744a20f

  • SHA512

    047adf89ae49df27e14bbd8adf261c7fc631e02063fafa2a358fa178810c560254e58b21793074ba5b5defbc9ed2f91c0eb39739f4d777dc4bc3238a4f8b89a9

  • SSDEEP

    98304:Z60sgkACFDbaIjl5ydTJEr0hIJ4xc789LgkbbLqeqO9CW1X:kDDFpA5JErJZw9L7P+TO9LB

Malware Config

Targets

    • Target

      supervoicechanger-9-7-6-6.exe

    • Size

      4.7MB

    • MD5

      4b6b68dc27bc111303202b5984c7e4a7

    • SHA1

      8bba5052ee13a9158a34892e4c8b1e9526d3b4cc

    • SHA256

      1f99c907966636e8e0712d4171078ef3ad5f2fc838d690df1e17139e5744a20f

    • SHA512

      047adf89ae49df27e14bbd8adf261c7fc631e02063fafa2a358fa178810c560254e58b21793074ba5b5defbc9ed2f91c0eb39739f4d777dc4bc3238a4f8b89a9

    • SSDEEP

      98304:Z60sgkACFDbaIjl5ydTJEr0hIJ4xc789LgkbbLqeqO9CW1X:kDDFpA5JErJZw9L7P+TO9LB

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks