General
- Target: 2121dff62b134d19fca570d5de76b0e09b6f48eb0600daeca7a51ce4f2ba9c5f
- Size: 7.3MB
- Sample: 231011-wswrwsdh9y
- MD5: 2274f5ddcf0124b5a123a163f0a5217a
- SHA1: 91439e901de05d3ef392cae755e04376722d7122
- SHA256: 2121dff62b134d19fca570d5de76b0e09b6f48eb0600daeca7a51ce4f2ba9c5f
- SHA512: 514129a2000932593d62db677e04c1989dab41c47536f5f6964d09a3d8706cd8abefcbc3ccfeeeb3af5019daab39e74f059d669a890bf4242cb4fc9de2fbfc53
- SSDEEP: 196608:60XL4uLmMzeXX6s7uze9DUL25cQYlIf9UOt+:6G4LMzeXqsr9HOLaf2Ot+
Behavioral task
behavioral1
Sample
2121dff62b134d19fca570d5de76b0e09b6f48eb0600daeca7a51ce4f2ba9c5f.exe
Resource
win7-20230831-en
Malware Config
Targets
- Detect Blackmoon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
-