General

  • Target

    file.exe

  • Size

    3.9MB

  • Sample

    231024-ktap9sdf67

  • MD5

    6c13146feeabc071309b41335514bf99

  • SHA1

    127ba6047bdbc24d66a2be4d975bfc8d8bbf3808

  • SHA256

    c630fc1a9602a939621027c5c7c6be78e598b66d86fec0ed103ebae22fc99577

  • SHA512

    f617e7168a9b4848d2278bdc5dd0cd8986f47300d58644121adc43c7236333ba8474309ce25be96709103e5ee1a4f3e62471b1fc2e876c347505920965144a0e

  • SSDEEP

    49152:9Zt7mOXOJ79zFO/xx25/g0wDHIhQXjoLBaBhIT2iL54oU6Hhs2WtuHr1j7jEuPYM:9/hOJYrVjIhQXEiil7H6pSJpY3ZU0zK

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Opens wallet files or directories belonging to desktop cryptocurrency clients, typical of stealer behaviour.

    • Checks whether UAC is enabled

      Reads the EnableLUA policy value, which tells the sample whether User Account Control will prompt; commonly used to choose an elevation path.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Setting the ThreadHideFromDebugger information class on a thread stops an attached debugger from receiving its events, a common anti-debugging trick that protectors such as Themida also apply.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a building block of process hollowing and thread hijacking, although debuggers and some protectors use it legitimately.
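
The behavioural signatures above are produced by matching rules against the sandbox's registry and file-access trace. As an added illustration (this is not Triage's signature engine, and the trace is constructed, not this sample's real event log), the Python below implements rules of the same kind for the VirtualBox ACPI, BIOS, UAC and wallet checks, and shows why a BIOS read is scored as likely sandbox detection: hypervisors leave recognisable vendor strings in the SystemBiosVersion and VideoBiosVersion values. The registry paths, wallet locations and vendor markers are the commonly documented ones; the `Event`/`Signature` types and function names are assumptions made for this example.

```python
# Toy behavioural-signature matcher over a sandbox event trace.
# Added illustration only: the rule set and the trace below are constructed
# for this page and are not Triage's own signatures or this sample's real log.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # "reg_query" (registry value read) or "file_open"
    target: str  # path as a sandbox would log it


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str        # event kind the rule applies to
    patterns: tuple  # compiled regexes; any match on a target counts as a hit


def _rx(*parts):
    return tuple(re.compile(p, re.IGNORECASE) for p in parts)


# Registry paths are the well-known VirtualBox ACPI table names, the BIOS
# description keys and the UAC EnableLUA policy value; wallet paths are the
# default locations of a few popular desktop wallets.
SIGNATURES = (
    Signature(
        "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
        "reg_query",
        _rx(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ),
    Signature(
        "Checks BIOS information in registry",
        "reg_query",
        _rx(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$",
            r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\"),
    ),
    Signature(
        "Checks whether UAC is enabled",
        "reg_query",
        _rx(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$"),
    ),
    Signature(
        "Accesses cryptocurrency files/wallets, possible credential harvesting",
        "file_open",
        _rx(r"\\AppData\\Roaming\\Electrum\\wallets\\",
            r"\\AppData\\Roaming\\Bitcoin\\wallet\.dat$",
            r"\\AppData\\Roaming\\Exodus\\exodus\.wallet\\",
            r"\\AppData\\Roaming\\Ethereum\\keystore\\"),
    ),
)

# Substrings hypervisors leave in SystemBiosVersion / VideoBiosVersion.
# Reading those values is what makes the BIOS check score as anti-VM.
_HYPERVISOR_MARKERS = (
    ("VBOX", "VirtualBox"),
    ("VMWARE", "VMware"),
    ("VRTUAL", "Hyper-V"),
    ("QEMU", "QEMU"),
    ("BOCHS", "QEMU/Bochs"),
    ("XEN", "Xen"),
)


def match_signatures(events):
    """Return {signature name: [matching targets]} for every rule that fired."""
    hits = {}
    for sig in SIGNATURES:
        matched = [e.target for e in events
                   if e.kind == sig.kind
                   and any(p.search(e.target) for p in sig.patterns)]
        if matched:
            hits[sig.name] = matched
    return hits


def bios_reveals_hypervisor(bios_string):
    """Name the hypervisor a BIOS version string gives away, or None."""
    upper = bios_string.upper()
    for marker, name in _HYPERVISOR_MARKERS:
        if marker in upper:
            return name
    return None


# Constructed trace: five suspicious reads/opens plus two benign ones.
SAMPLE_TRACE = (
    Event("reg_query", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("reg_query", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event("reg_query", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    Event("reg_query", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"),
    Event("reg_query", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    Event("file_open", r"C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet"),
    Event("file_open", r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\file.lnk"),
)

if __name__ == "__main__":
    for name, targets in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for t in targets:
            print("   ", t)
    print(bios_reveals_hypervisor("VBOX   - 1"))
```

Run as a script it lists the four rules that fire on the constructed trace and the targets behind each; the two benign events match nothing. A real engine also weighs how many distinct checks a sample performs before calling it "likely anti-VM", which is why the BIOS read alone is reported more cautiously than the VBOX__ ACPI lookup.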
