General

  • Target

    589f74dd5933296442d85eec9b0060a321ac8bd49569693134cf7d6c9864ea7f

  • Size

    3.5MB

  • Sample

    230329-w72axshd77

  • MD5

    f8d05ec22a180070e25d97e048c3cad6

  • SHA1

    e675caa4e33775a22eac968befbafb8f81cd681b

  • SHA256

    589f74dd5933296442d85eec9b0060a321ac8bd49569693134cf7d6c9864ea7f

  • SHA512

    c559ad8ae219fac02cd61e1fbe2938697a0186f1de368b0aa572dff5386b46e73ca1b808266d034495a26a684ea214342dee466b6d09b3a317a0a8a38028e749

  • SSDEEP

    49152:GICgYIBuLxcnsis7wVFEIRmQJcCT7KZLDMGLRwHyp9lcOP7UuziMddsruFXKQnLw:jYdxcnsEcI4QJhOOHyuM4u+UdJAqERL

Malware Config

Targets

    • Target

      589f74dd5933296442d85eec9b0060a321ac8bd49569693134cf7d6c9864ea7f

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Modifies file permissions

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
