General

  • Target

    Release-x64 (1).zip

  • Size

    22.1MB

  • Sample

    230615-pn2zsagg6v

  • MD5

    02308f5d3fd4d0dca0b1b84409124693

  • SHA1

    35f50b2cb9fe936037c8ddf9533d25598e1568ad

  • SHA256

    86d04cd48601528014a0781d1d491e033f88c7ef30d016103d5a8c4c04b07d3f

  • SHA512

    bb4e486e88deab530ef0109821b428166e7c6c444a76fe89ef4e5473c2766918ded17683600c68b5844e889b53fbe2d5c17ad0e505c1dc988854003f23cde547

  • SSDEEP

    393216:uve5n24qm5ASHAep8IBz15m5l5ObLC4u54hXl87Vy4QO5X4Lfut6jA66k:uW124n5ASHAedBRkQLC4u54mVy4QO5XO

Score
10/10

Malware Config

Targets

    • Target

      HoYoKProtect.dll

    • Size

      35.2MB

    • MD5

      e5d96d21d67f7bad6c322e38ad07f923

    • SHA1

      e9522287a4899f2c635705d93c5791986fd34461

    • SHA256

      ce013c6c0390979c05021d83edac4fbce3aaed26bd3b5a4b38ad64fb50871826

    • SHA512

      f1772609552e1d39f4feb2e2fab9bb6738e4f1761843b7bdb59fc6ddb5c72d784ce024860f5b1da44daa840626018efbacd8cbd5320fe61cbf27145d3708c760

    • SSDEEP

      786432:RmJR64tcoCK+n6dw2Ptc5qWiTBW8PvyCA51rwigv:RO4K+n69RA8iCA70d

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      injector.exe

    • Size

      895KB

    • MD5

      625cccce906ba1efeb397aa4cfb29fb1

    • SHA1

      63428046620eb25022f0dd049a9c425ae6aaad0c

    • SHA256

      c6d4ca13c529a0b7a808f46c35543d63518f8edf27e308fecbf142057437076c

    • SHA512

      89e0c78b1c68725496ad88b2f2bd4387dd2a9246c689702669ea32072494333553271db05958e534f8001c50eb58f9d81d1a5262b1023bb4caf156c834fbad9a

    • SSDEEP

      12288:qDdBrBoEvs6TnSEl1yt6zzng0Lw5sK9k5gfwhbAwJSPFHPx3Z9HZCDQM:0PdoGtRnK9k5gfwhbXJSPFvhZ95CDN

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks