General

  • Target: file
  • Size: 2.7MB
  • Sample: 231115-l1f2asfg38
  • MD5: b761afb0c67b4f94f5d3e47f59040d4a
  • SHA1: cedddd5443bfae50cf38dbc119c7d034dfdedd1a
  • SHA256: 444ed0d8b62bdd8da294c6a49e47a7f8a15fcec43409780ea00997a0bf53ffe5
  • SHA512: 289b775261a8a5b8bb4baf8f0bd94f0f254f0bfc3047b8db83c58134d278b74451b477f42c8f3cc93c1a9128e7a02c79f16906ce9798e7a716be4db4c698c363
  • SSDEEP: 49152:p4RiswcUZcimQaB++5As+ryqWqoBll0jL7cgyTURSQzaNxLR:pxXqimQab5r+WUaT0jHVyARSQzaHR

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
