General
Target: arphaCrashReport.zip
Size: 11.0MB
Sample: 231014-b7agzscd22
MD5: 95dddca73723455b0ce22258ce1ad17d
SHA1: 5b47b6aa6050a48990db883f1f6ba7ce5edc89d1
SHA256: 4ad3d6788079f54e92ba7f36e69524b85904ee21e42c89eed0b2bd4fb64f338f
SHA512: 31e406e2707e01c4c86b2be7e8750dc90913ef48534773d36e47215334116db9c382368a8052a594d45ebc61bf3376103d78e5607b104751e6e83fdb65757d36
SSDEEP: 196608:YdD943lLbOz+ZMzsTClf21JyanYYI5R7PZFvigZTNOpWur10jLEbUt9b1uMjq2:YT43lLqzlzs+121JFnYYcLTNmrJbUt9x
Static task: static1
Behavioral task: behavioral1 (sample: arphaCrashReport.exe, resource: win7-20230831-en)
Behavioral task: behavioral2 (sample: arphaCrashReport.exe, resource: win10v2004-20230915-en)
Behavioral task: behavioral3 (sample: arphadump.dll, resource: win7-20230831-en)
Behavioral task: behavioral4 (sample: arphadump.dll, resource: win10v2004-20230915-en)
Malware Config
Targets

Target: arphaCrashReport.exe
Size: 206KB
MD5: 8521949e487368f1708d68ffcc581665
SHA1: a2c753371ba79eb673ff4987d9044af9c7a1b89b
SHA256: b2ee510d0b5012487dee143b459e4e2fcfb758960d3fe7ec4743552bc91be9e2
SHA512: 7722abb534f11dc71ac0797d881eb5c2dee524e19d99c219697efa1037164d92a23a5f098f76e5471f1bcfbcb05b44c497ba85f724267cb70591a448af4358ba
SSDEEP: 6144:UJgVV8K6VGrE8y3CtcKn6yv8zRkDVn5iJg:SGQ8y3CtcoRv6i
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks computer location settings. Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of NtSetInformationThreadHideFromDebugger. Setting ThreadHideFromDebugger on a thread stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging technique.

Target: arphadump.dll
Size: 10.4MB
MD5: 057381c48055743f1826fd6ec098b464
SHA1: 9c09a534c22863a73f0544ca6039fdf80e6ddfb8
SHA256: ecb680f6088157193ec5d16246d31669e7153da94fd3ee4273cdac7c9cdcac7b
SHA512: c1123a35155e56ace597af97e67aab3b3a8713e026801f82171e6d32b1c6b64d6b44395d069c0031e9695da557e4c44ec1dc081ed42ec17563cb7f834f944297
SSDEEP: 196608:JLPRePJLb2hsDkLsZadle1NEoH+5TNuJKoE0+vDfqMR8xK:JFePJLKhPLsMDe1NxH+5T+e5
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
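The signature hits for both targets (arphaCrashReport.exe and arphadump.dll) name the anti-analysis checks but not what they match on. The Python below is an added example, not tria.ge's own rule code: it reimplements the matching over a constructed behavioural trace. The registry paths are the well-known artifacts these checks read (VirtualBox's VBOX__ ACPI tables, the SystemBiosVersion family of values, the Wine configuration key, and the GeoID under Control Panel\International\Geo); the trace line format (`reg_query <key>`, `api <function> class=<n>`) and the sample lines are invented for the example, and the signature names are taken from this report.

```python
import re

# Registry artifacts each of the report's signatures keys on. Assumption:
# tria.ge's real rules are not on the page; these are the canonical paths
# such anti-VM / anti-sandbox checks read. Patterns are matched
# case-insensitively against the full key path.
REGISTRY_SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"\\HARDWARE\\DESCRIPTION\\SYSTEM\\(SYSTEMBIOSVERSION|VIDEOBIOSVERSION|SYSTEMBIOSDATE)",
    ],
    "Identifies Wine through registry keys": [
        r"\\SOFTWARE\\WINE(\\|$)",
    ],
    "Checks computer location settings": [
        r"\\CONTROL PANEL\\INTERNATIONAL\\GEO\\NATION",
    ],
}

# THREADINFOCLASS value for ThreadHideFromDebugger. Once set, the kernel
# stops delivering debug events for that thread, so the call is a common
# anti-debugging move and is flagged on its own.
THREAD_HIDE_FROM_DEBUGGER = 0x11
HIDE_SIGNATURE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Constructed trace in the invented "<kind> <details>" format.
SAMPLE_TRACE = [
    r"reg_query HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"reg_query HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"reg_query HKCU\Software\Wine",
    r"reg_query HKCU\Control Panel\International\Geo\Nation",
    r"reg_query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
    "api NtSetInformationThread class=0x11",
    "api NtSetInformationThread class=0x0",
]


def classify_event(line):
    """Return the signature names a single trace line triggers (may be empty)."""
    kind, _, rest = line.strip().partition(" ")
    hits = []
    if kind == "reg_query":
        path = rest.upper()
        for name, patterns in REGISTRY_SIGNATURES.items():
            if any(re.search(p, path) for p in patterns):
                hits.append(name)
    elif kind == "api":
        func, _, args = rest.partition(" ")
        if func == "NtSetInformationThread":
            m = re.search(r"class=(0x[0-9a-fA-F]+|\d+)", args)
            # int(..., 0) accepts both "0x11" and "17".
            if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits.append(HIDE_SIGNATURE)
    return hits


def match_signatures(lines):
    """Map each triggered signature to the trace lines that triggered it."""
    report = {}
    for line in lines:
        for name in classify_event(line):
            report.setdefault(name, []).append(line.strip())
    return report


if __name__ == "__main__":
    for name, events in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for ev in events:
            print("    " + ev)
```

Run against the constructed trace it reports the same five signatures the exe target shows; dropping the Geo\Nation line gives the four the DLL target shows. Benign lines such as the CurrentVersion query produce no hit, and an NtSetInformationThread call with any class other than 0x11 is ignored.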