General
-
Target
191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7
-
Size
2.5MB
-
Sample
231011-xtkxfsfg5z
-
MD5
ed8a89366a796c4d863945b5511a0128
-
SHA1
9a3656142f12b48c3f72729e94e3571f2eccc26f
-
SHA256
191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7
-
SHA512
79f11587f15df28e35c82faf8df3ad7ab696ad9fe28de96bc778ca5886ee3e923aa14b5dcf3e4cc40b3a84b29b4b89f357d24544b12f3b5668091670d501e307
-
SSDEEP
49152:GIJ+pFpr6GKCEQeshjkzM53nGbzWt6ne0uvoQQjw88Y:TOFNBKGtkzWyzW10kQ1p
Static task
static1
Behavioral task
behavioral1
Sample
191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
Target
191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-