General

  • Target

    arphaCrashReport.zip

  • Size

    11.0MB

  • Sample

    231014-b7agzscd22

  • MD5

    95dddca73723455b0ce22258ce1ad17d

  • SHA1

    5b47b6aa6050a48990db883f1f6ba7ce5edc89d1

  • SHA256

    4ad3d6788079f54e92ba7f36e69524b85904ee21e42c89eed0b2bd4fb64f338f

  • SHA512

    31e406e2707e01c4c86b2be7e8750dc90913ef48534773d36e47215334116db9c382368a8052a594d45ebc61bf3376103d78e5607b104751e6e83fdb65757d36

  • SSDEEP

    196608:YdD943lLbOz+ZMzsTClf21JyanYYI5R7PZFvigZTNOpWur10jLEbUt9b1uMjq2:YT43lLqzlzs+121JFnYYcLTNmrJbUt9x

Score
9/10

Malware Config

Targets

    • Target

      arphaCrashReport.exe

    • Size

      206KB

    • MD5

      8521949e487368f1708d68ffcc581665

    • SHA1

      a2c753371ba79eb673ff4987d9044af9c7a1b89b

    • SHA256

      b2ee510d0b5012487dee143b459e4e2fcfb758960d3fe7ec4743552bc91be9e2

    • SHA512

      7722abb534f11dc71ac0797d881eb5c2dee524e19d99c219697efa1037164d92a23a5f098f76e5471f1bcfbcb05b44c497ba85f724267cb70591a448af4358ba

    • SSDEEP

      6144:UJgVV8K6VGrE8y3CtcKn6yv8zRkDVn5iJg:SGQ8y3CtcoRv6i

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      arphadump.dll

    • Size

      10.4MB

    • MD5

      057381c48055743f1826fd6ec098b464

    • SHA1

      9c09a534c22863a73f0544ca6039fdf80e6ddfb8

    • SHA256

      ecb680f6088157193ec5d16246d31669e7153da94fd3ee4273cdac7c9cdcac7b

    • SHA512

      c1123a35155e56ace597af97e67aab3b3a8713e026801f82171e6d32b1c6b64d6b44395d069c0031e9695da557e4c44ec1dc081ed42ec17563cb7f834f944297

    • SSDEEP

      196608:JLPRePJLb2hsDkLsZadle1NEoH+5TNuJKoE0+vDfqMR8xK:JFePJLKhPLsMDe1NxH+5T+e5

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
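
    The five signatures listed for the two targets (VirtualBox ACPI keys, BIOS values, Wine keys, the Geo\Nation country code and the ThreadHideFromDebugger call) are all visible in a registry and API trace. Below is an added example, not tria.ge's signature code and not code from the sample: it runs equivalent checks over a constructed trace in the shape of a sandbox log. The registry paths and the 0x11 information class are the locations these techniques commonly probe; the report does not list the exact values this sample read, so treat those paths as assumptions.

```python
"""Flag the anti-VM, anti-sandbox and anti-debug artifacts named by the report
signatures, over a constructed registry/API trace (example code, not tria.ge's)."""
import re
from collections import defaultdict

# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations commonly probed for each technique. Assumed for the
# example; the report does not say which values this sample actually read.
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)),
    ("Checks computer location settings",
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
]

REG_LINE_RE = re.compile(r"^(Reg\w+)\s+(\S.*)$")   # "RegOpenKeyExW <path>"
API_LINE_RE = re.compile(r"^(Nt\w+)\s+(.*)$")       # "NtXxx key=value ..."
KV_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+|\d+)")

# Constructed trace; not the trace tria.ge recorded for this sample.
SAMPLE_TRACE = """\
RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__
RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
RegOpenKeyExW HKCU\\Software\\Wine
RegQueryValueExW HKCU\\Control Panel\\International\\Geo\\Nation
NtSetInformationThread ThreadHandle=0xfffffffe ThreadInformationClass=0x11 Length=0
RegQueryValueExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
NtSetInformationThread ThreadHandle=0x1a4 ThreadInformationClass=0x0 Length=4
"""


def classify_line(line):
    """Return the signature names one trace line triggers (possibly none)."""
    hits = []
    line = line.strip()
    m = REG_LINE_RE.match(line)
    if m:
        path = m.group(2)
        for name, rx in REGISTRY_RULES:
            if rx.search(path):
                hits.append(name)
        return hits
    m = API_LINE_RE.match(line)
    if m and m.group(1) == "NtSetInformationThread":
        # Parse key=value arguments; int(x, 0) accepts both hex and decimal.
        args = {k: int(v, 0) for k, v in KV_RE.findall(m.group(2))}
        if args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


def analyze_trace(trace):
    """Map each triggered signature to the trace lines that triggered it."""
    findings = defaultdict(list)
    for line in trace.splitlines():
        for name in classify_line(line):
            findings[name].append(line.strip())
    return dict(findings)


if __name__ == "__main__":
    for name, lines in analyze_trace(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for hit in lines:
            print(f"      {hit}")
```

The benign Run-key read and the NtSetInformationThread call with class 0x0 are deliberately in the trace so the rules are seen not to fire on ordinary registry and thread activity; only the ThreadHideFromDebugger class (0x11) is treated as anti-debug, since the same API is used for legitimate priority and affinity changes.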

MITRE ATT&CK Enterprise v15

Tasks