General

  • Target: Setup.exe
  • Size: 783.5MB
  • Sample: 231014-a1b7kaga5y
  • MD5: 817253cf5dc8a905570628262ce8dc8d
  • SHA1: 6e9a97e7a8da171d008551689d62cff883b54497
  • SHA256: c0c25d7587b5ebb4677121d96378bd88e6da0919bf4f243a4e239ef52b4edd80
  • SHA512: c4d9411432b390182509b912cf99640d4a0470d0119798b93bb28e513eec678234881b8f2eeb87a8d153bcc7733ee35bd52a730283514a69d3ad2f1b36c5290f
  • SSDEEP: 196608:JxmrO2BhTD1XyRrz4+SfCNKmuYpzbzzCoMs1zqAL178EaR:JeRBN9s1mCNjpXzzCvAZ73aR

Malware Config

Targets

    • Target: Setup.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
