General
Target: ece0484b23b1d5b915a33c32612978e5.bin
Size: 3.6MB
Sample: 231113-d9cfgaha75
MD5: ece0484b23b1d5b915a33c32612978e5
SHA1: f1459cd5c31dcaaac43b0e21366a389df08b9349
SHA256: 75e1cdd24b6fae13b44b2c5251a7dec8958fd723fc435976ad12256a2b5afb53
SHA512: 83633e7043885a869951e811add4531a4b31ce8b2dcd49dbc4b662254d43cdaf45a43b362f263415cb19e818494268bbcd87e06f0c0c73e4e636dd7a22f8432a
SSDEEP: 98304:06DDcVgKrO/zQdS1qwZ19owLiWo61Rvsx6Y8jE+zq0kIcd0mODh:jn0rO/MdxwZ1JuWNZskVtzq2c2X
Behavioral task: behavioral1
Sample: kernel-injection.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: kernel-injection.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: kernel-injection.exe
Size: 3.6MB
MD5: 2000ee7b472fa0bed9fd3bdf661b4613
SHA1: 8fdcf7bcc86c8bab9b3f19b1eee01ebea6d4d84d
SHA256: 18543bcf137afd15dac41bb3b0666aac04fa24c3215a3464e22392d2097a10df
SHA512: fbf75dafaef38787a268a32e2254dc9fd2a7db06064eb052fbc10c71a7e3991078e9255e6e9ced914fc522d41a6efdc6f4d750074456dd60101738fd65c09f29
SSDEEP: 98304:311rtCZ6BCeMEhm0yC0J+QDNDALuGnpd0VcQ:31Z4ZACeMbJ+Q5Kvcx
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
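The signatures above are matched against the registry and API events the sandbox records. The following is an added example (not tria.ge's signature code) that re-implements five of them over a constructed trace; the registry paths (the VBOX__ ACPI table keys, HARDWARE\DESCRIPTION\System BIOS values, the Geo\Nation value, and Services\<name>\ImagePath), the THREADINFOCLASS constant, the Event layout and the sample service name `svc_example` are assumptions about what each signature looks for, not details taken from the report.

```python
"""Re-implementation of five behaviour signatures from the report, evaluated
over a constructed sandbox trace. Added example, not tria.ge's signature code;
the registry paths below are well-known artefacts and are assumptions about
what each signature actually inspects."""
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple


@dataclass(frozen=True)
class Event:
    kind: str       # "reg_open" | "reg_query" | "reg_set" | "api"
    target: str     # registry key path, or API name when kind == "api"
    arg: str = ""   # registry value name, or ThreadInformationClass for the API


def _norm(path: str) -> str:
    """Upper-case a registry path and collapse the long hive names."""
    p = path.strip().rstrip("\\").upper()
    return p.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("HKEY_CURRENT_USER", "HKCU")


# VirtualBox exposes its firmware tables under these keys (OEM ID "VBOX__").
ACPI_VBOX_KEYS = (
    "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__",
    "HKLM\\HARDWARE\\ACPI\\RSDT\\VBOX__",
)
BIOS_KEY_PREFIX = "HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM"
BIOS_VALUES = {"SYSTEMMANUFACTURER", "SYSTEMPRODUCTNAME", "SYSTEMBIOSVERSION", "VIDEOBIOSVERSION"}
GEO_KEY = "HKCU\\CONTROL PANEL\\INTERNATIONAL\\GEO"
SERVICES_PREFIX = "HKLM\\SYSTEM\\CURRENTCONTROLSET\\SERVICES\\"
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger


def sig_virtualbox_acpi(events: Sequence[Event]) -> bool:
    return any(e.kind in ("reg_open", "reg_query") and _norm(e.target).startswith(ACPI_VBOX_KEYS)
               for e in events)


def sig_bios_info(events: Sequence[Event]) -> bool:
    return any(e.kind == "reg_query" and _norm(e.target).startswith(BIOS_KEY_PREFIX)
               and e.arg.upper() in BIOS_VALUES for e in events)


def sig_location(events: Sequence[Event]) -> bool:
    return any(e.kind == "reg_query" and _norm(e.target) == GEO_KEY and e.arg.upper() == "NATION"
               for e in events)


def sig_service_image_path(events: Sequence[Event]) -> bool:
    return any(e.kind == "reg_set" and _norm(e.target).startswith(SERVICES_PREFIX)
               and e.arg.upper() == "IMAGEPATH" for e in events)


def sig_hide_from_debugger(events: Sequence[Event]) -> bool:
    """Fire only when the information class is ThreadHideFromDebugger (0x11)."""
    for e in events:
        if e.kind == "api" and e.target == "NtSetInformationThread":
            try:
                if int(e.arg, 0) == THREAD_HIDE_FROM_DEBUGGER:
                    return True
            except ValueError:
                continue  # malformed argument in the trace: do not fire on it
    return False


SIGNATURES: Tuple[Tuple[str, Callable[[Sequence[Event]], bool]], ...] = (
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", sig_virtualbox_acpi),
    ("Sets service image path in registry", sig_service_image_path),
    ("Checks BIOS information in registry", sig_bios_info),
    ("Checks computer location settings", sig_location),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", sig_hide_from_debugger),
)


def run_signatures(events: Sequence[Event]) -> List[str]:
    """Return the names of the signatures that fire on this trace, in report order."""
    return [name for name, check in SIGNATURES if check(events)]


# Constructed trace approximating what a sample with the report's behaviours would emit.
SAMPLE_TRACE = [
    Event("reg_open", "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__"),
    Event("reg_query", "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS", "SystemManufacturer"),
    Event("reg_query", "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System", "SystemBiosVersion"),
    Event("reg_query", "HKEY_CURRENT_USER\\Control Panel\\International\\Geo", "Nation"),
    Event("reg_set", "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\svc_example", "ImagePath"),
    Event("api", "NtSetInformationThread", "0x11"),
    Event("reg_query", "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "OneDrive"),
]

# Constructed benign trace: same API, none of the interesting targets or classes.
BENIGN_TRACE = [
    Event("reg_query", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "ProductName"),
    Event("api", "NtSetInformationThread", "0"),  # ThreadBasicInformation
]

if __name__ == "__main__":
    for name in run_signatures(SAMPLE_TRACE):
        print("HIT:", name)
    print("benign hits:", run_signatures(BENIGN_TRACE))
```

The two file-based signatures in the report ("Executes dropped EXE", "Loads dropped DLL") are deliberately left out: they need the sandbox's file-write history to tell a dropped binary from a pre-existing one, which a flat event list does not carry. Note also that the NtSetInformationThread check keys on the information class alone, so a benign call with class 0 does not fire.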