General

  • Target

    191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7

  • Size

    2.5MB

  • Sample

    231011-xtkxfsfg5z

  • MD5

    ed8a89366a796c4d863945b5511a0128

  • SHA1

    9a3656142f12b48c3f72729e94e3571f2eccc26f

  • SHA256

    191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7

  • SHA512

    79f11587f15df28e35c82faf8df3ad7ab696ad9fe28de96bc778ca5886ee3e923aa14b5dcf3e4cc40b3a84b29b4b89f357d24544b12f3b5668091670d501e307

  • SSDEEP

    49152:GIJ+pFpr6GKCEQeshjkzM53nGbzWt6ne0uvoQQjw88Y:TOFNBKGtkzWyzW10kQ1p

Score
9/10

Malware Config

Targets

    • Target

      191645c4267150a507a6d8659101bb6a7ae5c32c719feba3bf04137c2d980ae7

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks