General

  • Target

    Walmart Chile.docx

  • Size

    2.1MB

  • Sample

    230707-bxfk9aga5s

  • MD5

    10855e072a3f1b63dd1fba4d046f85df

  • SHA1

    43b86db7dd82d47c7529e2ae6fd4571c9b053d16

  • SHA256

    7a5ec8b7d0dc8c6c958ef89a99b6c20b5196608093c45e3dc4aff904efdc5451

  • SHA512

    6eb3a4ecd841438fd8ab9d9c8ee1a116b99bdc82c9c0533126f6aff6930d24a12b42ea12288bc057628bba236b5c7dbdbce642c4f4dc9dc93816a3b3bcc8fc52

  • SSDEEP

    49152:YQrvcN0R6DjTlBn07ji2pL9y+oNZPEkaf/ugaFmJ:YQkNBrIji2pLk+oIfHugwI

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks