General

  • Target

    Alien_Wooferr.exe

  • Size

    3.8MB

  • Sample

    231014-3gd62aec64

  • MD5

    07df8b71759fd825a418a7075d4d0552

  • SHA1

    61e116200e4c2119795ffb14ee3221b6022f8141

  • SHA256

    b5c05c9af1f689f1967fb86b3bea8e6b0a72194c60ec7e7603ff0bfb772ddfc7

  • SHA512

    fdfa5133eb4df7f6b358556d0f223cba8152ec9dab3efa6fe7c057fa3cf12ef582d4eed8056cd9c3eddd01bb7df1565aeabd200fe608401cc6fa0a32e867268f

  • SSDEEP

    98304:HIm+0/3Os0J+4kgN37+RjDck6XQ1z0LLlxdBmPab:Hq0/+sM6gNAfcDaomP8

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks