General

  • Target

    056457994ef2e02ddba376671788f728.bin

  • Size

    2.6MB

  • Sample

    231231-bc8rasbcdm

  • MD5

    056457994ef2e02ddba376671788f728

  • SHA1

    9766498764e88ca3195bb67bc03dc7377f4711e7

  • SHA256

    2149b042b287ec1113a412452d42587b34050d8acb4726c10f7406ff1aba340f

  • SHA512

    4d89ae345f3b36c93022b9c881c8cc213d9e6d3083b47eca8071c8c2dbf2e3faa02dedca78dceb37ef13a19e1599c4bea87af2685069c3e4c34ba923fcbcfbed

  • SSDEEP

    49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99GU:tKq4oEa9RQs+Cn4/UKU

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks