General

  • Target

    9656908ef92923f268a56bad8597742e.bin

  • Size

    10.8MB

  • Sample

    230413-b1xc6shh7z

  • MD5

    9656908ef92923f268a56bad8597742e

  • SHA1

    55c98438a78365e27b67b5dd8f2b750c31cc4b8f

  • SHA256

    58941ddaab5ecb07804f5ce07c6b8235e92328c2a8b8b5b2348ec9b0fbb68133

  • SHA512

    446d969ece471271c5ec0ac962119398c9cf659967a2788a14433953c75e73e7c3f87c87a540c41e63c25957cfec0727582ec86972f0afec0e932867e2d07380

  • SSDEEP

    196608:cYEHliAFTZxEIZOo7fgKotyHQvL7ZYrmh4nxoDjXHpl1RajX0kkD5ZLGmtr:cYEZDEeHbDoowvkmh4xKfajPgZamtr

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks