General
Target: RFQ-ORS-687.rar
Size: 386KB
Sample: 230605-tmdysaab2s
MD5: 6aa0537e9b8b26895ca8a49ce52dfe04
SHA1: 01db808809960e0f3805c5edabcb0c5de4628b2a
SHA256: 001caa90c4a67fab3db5b1e636093441ce3a0e853427940b338da302252af4d0
SHA512: 18642095b7aa282fdf8652a236da8d347529e7aeb3e27b9dae948b44d7dfa20f293762856211c1de63edfa6a90d86ca4a2da3861560835e802e9c5caaa440988
SSDEEP: 12288:aE8AQvosI12Tk8idxPI5ouy2FvYjJnqKZ0:x1QvPIyoIxYdlZ0
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-ORS-687.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: RFQ-ORS-687.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: RFQ-ORS-687.exe
Size: 488KB
MD5: 0f39a5390cddae67bae83036441c2fe5
SHA1: bd15c5c587233a0e5ba13ff477b998bfe61b3239
SHA256: 5a11425c539015cb537e3640b27b039390df7992b2b4dac403a45c42437a1d7a
SHA512: 87c63fc3ca27746e3b54d68f5e5ef787501f80add261b06e6e7a93b95df44b238841a2060bb0aa0d3bb102d845c51d42c8b2dc485d4fa9a8e53f084646a3366a
SSDEEP: 12288:7iq2TDbJgttJTquTCIE9sw1TaPmIWDGnui:7iq1NqDJswA+3Gnui
Score: 7/10

Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext