General

  • Target: RFQ-ORS-687.rar
  • Size: 386KB
  • Sample: 230605-tmdysaab2s
  • MD5: 6aa0537e9b8b26895ca8a49ce52dfe04
  • SHA1: 01db808809960e0f3805c5edabcb0c5de4628b2a
  • SHA256: 001caa90c4a67fab3db5b1e636093441ce3a0e853427940b338da302252af4d0
  • SHA512: 18642095b7aa282fdf8652a236da8d347529e7aeb3e27b9dae948b44d7dfa20f293762856211c1de63edfa6a90d86ca4a2da3861560835e802e9c5caaa440988
  • SSDEEP: 12288:aE8AQvosI12Tk8idxPI5ouy2FvYjJnqKZ0:x1QvPIyoIxYdlZ0

Score
7/10

Malware Config

Targets

    • Target: RFQ-ORS-687.exe
    • Size: 488KB
    • MD5: 0f39a5390cddae67bae83036441c2fe5
    • SHA1: bd15c5c587233a0e5ba13ff477b998bfe61b3239
    • SHA256: 5a11425c539015cb537e3640b27b039390df7992b2b4dac403a45c42437a1d7a
    • SHA512: 87c63fc3ca27746e3b54d68f5e5ef787501f80add261b06e6e7a93b95df44b238841a2060bb0aa0d3bb102d845c51d42c8b2dc485d4fa9a8e53f084646a3366a
    • SSDEEP: 12288:7iq2TDbJgttJTquTCIE9sw1TaPmIWDGnui:7iq1NqDJswA+3Gnui

    Score
    7/10

    • Checks QEMU agent file
      Checks presence of QEMU agent, possibly to detect virtualization.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks