General

  • Target

    celex.exe

  • Size

    4.0MB

  • Sample

    231224-3j4jpsdddk

  • MD5

    3d05f35dd57d171ef57a37fd9e8498fc

  • SHA1

    c18418fe05ab38c0005ecbc0ed6ba10caca174c8

  • SHA256

    070a26b9b519330da249104467525be63b1b23015d23c86b306d31465e79a024

  • SHA512

    65dbc4c75dffcce863c351206cf43312c58cd1273f226c404df4da69cecabb407bfb277f4d1bbbab5952c730407a3d79f2d926b2aa77a6df7abc318c55868737

  • SSDEEP

    98304:eEdeDPCpwDjPCTp9/ekFJkybBBHzmbLcwo8XGz:roPCSfaDmkFJk6BBypo8XGz

Malware Config

Targets

    • Target

      celex.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose OEM ID is "VBOX__", which appears as a subkey name under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT). Reading those keys is a common way for a sample to recognise the hypervisor before deciding whether to run its payload.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments. The strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion, SystemBiosDate) typically carry the hypervisor vendor's name on a virtual machine.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Themida encrypts the original code, can virtualise parts of it, and ships its own anti-debug and anti-VM checks, so some of the signatures here may come from the protector rather than from the payload it wraps.

    • Checks whether UAC is enabled

      UAC state is typically read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; malware uses it to decide whether an elevation prompt, or a bypass of one, is needed before it can act.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from an attached debugger, so breakpoints and exceptions raised in that thread are no longer reported to it. This is a classic anti-debug technique; a debugger or analysis tool can detect it by querying the same information class with NtQueryInformationThread.
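The three registry-based signatures above (ACPI, BIOS, UAC) all come down to reading well-known keys. The script below is an added example, not tria.ge's signature logic and not code from the sample: run it on an analysis VM to see the same artifacts a sample performing those checks would observe, so they can be patched out before detonation. The function name Get-VmRegistryArtifacts and the vendor-name pattern are this example's own choices; the registry paths are the standard Windows locations named in the signature descriptions.

```powershell
# Added example (not from tria.ge or the sample): enumerate the registry
# artifacts that the "VirtualBox via ACPI", "BIOS information" and
# "UAC enabled" signatures refer to. Reading these keys needs no elevation.
# Function and variable names are this example's own.

function Get-VmRegistryArtifacts {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. ACPI tables: VirtualBox guests expose tables whose OEM ID is "VBOX__",
    #    which shows up as a subkey name under each table key.
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $path = "HKLM:\HARDWARE\ACPI\$table"
        if (Test-Path $path) {
            Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -match 'VBOX' } |
                ForEach-Object { $findings.Add("ACPI $table OEM ID: $($_.PSChildName)") }
        }
    }

    # 2. BIOS strings published by the HAL; hypervisors leave their vendor name here.
    #    SystemBiosVersion and VideoBiosVersion are REG_MULTI_SZ, hence the -join.
    $bios = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
    foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate') {
        $value = $bios.$name
        if ($null -ne $value) {
            $text = ($value -join ' ')
            # Vendor list is this example's choice; extend it for other hypervisors.
            if ($text -match 'VBOX|VirtualBox|VMware|QEMU|Bochs|Xen|Hyper-V|Parallels') {
                $findings.Add("BIOS ${name}: $text")
            }
        }
    }

    # 3. UAC state. EnableLUA = 0 means UAC is off; an absent value means the default (on).
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $policy -Name EnableLUA -ErrorAction SilentlyContinue
    if ($null -eq $uac -or $uac.EnableLUA -ne 0) {
        $findings.Add('UAC: enabled')
    } else {
        $findings.Add('UAC: disabled (EnableLUA = 0)')
    }

    return $findings
}

# Usage: print every artifact a registry-reading anti-VM check could pick up.
Get-VmRegistryArtifacts | ForEach-Object { Write-Output $_ }
```

An empty ACPI and BIOS result on a VirtualBox guest means the vendor strings have been patched (for example with a customised DSDT and DMI data); a non-empty one tells you what a sample like this would key on. The NtSetInformationThread signature is not covered here, since it is an in-process API call rather than a registry artifact.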

MITRE ATT&CK Enterprise v15

Tasks