General
-
Target
Multa_012544502.msi.bin.bin
-
Size
6.4MB
-
Sample
230501-ykh7yagb63
-
MD5
34b4652577806731f50e489999b5b800
-
SHA1
2ea6202b8ceb7b839964ebc2f8db1d7ccad6d3a7
-
SHA256
8774ab405a35ab53a2254ca8f52250ad7f98d9c65c7dcd45632de15e5c447b49
-
SHA512
399dbec0062ef57f2bc5223bb5a55ad47a7bdecd25b8cceca4054bab6aa1f42aa278e4b630ac373e53313825b429888f1f7af6d2755d1999b75a83f119e61781
-
SSDEEP
98304:x+hZETGO7pWl9qZgBkMCMo6f93ncyk7jqNpG1K/hTOz/xFYptMHA:x+bed7pZM26Vsyks5u/xs
Static task
static1
Behavioral task
behavioral1
Sample
Multa_012544502.msi.bin.msi
Resource
win7-20230220-en
Malware Config
Targets
-
Target
Multa_012544502.msi.bin.bin
-
Size
6.4MB
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-