General

  • Target: ece0484b23b1d5b915a33c32612978e5.bin
  • Size: 3.6MB
  • Sample: 231113-d9cfgaha75
  • MD5: ece0484b23b1d5b915a33c32612978e5
  • SHA1: f1459cd5c31dcaaac43b0e21366a389df08b9349
  • SHA256: 75e1cdd24b6fae13b44b2c5251a7dec8958fd723fc435976ad12256a2b5afb53
  • SHA512: 83633e7043885a869951e811add4531a4b31ce8b2dcd49dbc4b662254d43cdaf45a43b362f263415cb19e818494268bbcd87e06f0c0c73e4e636dd7a22f8432a
  • SSDEEP: 98304:06DDcVgKrO/zQdS1qwZ19owLiWo61Rvsx6Y8jE+zq0kIcd0mODh:jn0rO/MdxwZ1JuWNZskVtzq2c2X

Malware Config

Targets

    • Target: kernel-injection.exe
    • Size: 3.6MB
    • MD5: 2000ee7b472fa0bed9fd3bdf661b4613
    • SHA1: 8fdcf7bcc86c8bab9b3f19b1eee01ebea6d4d84d
    • SHA256: 18543bcf137afd15dac41bb3b0666aac04fa24c3215a3464e22392d2097a10df
    • SHA512: fbf75dafaef38787a268a32e2254dc9fd2a7db06064eb052fbc10c71a7e3991078e9255e6e9ced914fc522d41a6efdc6f4d750074456dd60101738fd65c09f29
    • SSDEEP: 98304:311rtCZ6BCeMEhm0yC0J+QDNDALuGnpd0VcQ:31Z4ZACeMbJ+Q5Kvcx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks