General

  • Target

    msi_protected.exe

  • Size

    3.5MB

  • Sample

    231103-decsraba4s

  • MD5

    4222676b7217f462942c70555495e07d

  • SHA1

    51f10885196d274d47261f37e42490ede35d0489

  • SHA256

    8317fc0d549e4780499cb906ce067667ff8ffe0e384eba51dcbb6154d24956ca

  • SHA512

    bcd0ec4ad70be30a682192b34aa164340dc8f8ead2930cbae0a01658e1f5e42893cbad67164b68e3329a5e4cce1c9a7b9c99e03a67c08d41b16e8b3608820b24

  • SSDEEP

    98304:pB1fLV94nPe+4ey7LWqzTKJpFw2HmtL3Z+CF/:tTV94nPe+4B7LXzTKJLq/

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks