Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
056457994ef2e02ddba376671788f728.bin
-
Size
2.6MB
-
Sample
231231-bc8rasbcdm
-
MD5
056457994ef2e02ddba376671788f728
-
SHA1
9766498764e88ca3195bb67bc03dc7377f4711e7
-
SHA256
2149b042b287ec1113a412452d42587b34050d8acb4726c10f7406ff1aba340f
-
SHA512
4d89ae345f3b36c93022b9c881c8cc213d9e6d3083b47eca8071c8c2dbf2e3faa02dedca78dceb37ef13a19e1599c4bea87af2685069c3e4c34ba923fcbcfbed
-
SSDEEP
49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99GU:tKq4oEa9RQs+Cn4/UKU
Malware Config
Targets
-
-
Target
056457994ef2e02ddba376671788f728.bin
-
Size
2.6MB
-
MD5
056457994ef2e02ddba376671788f728
-
SHA1
9766498764e88ca3195bb67bc03dc7377f4711e7
-
SHA256
2149b042b287ec1113a412452d42587b34050d8acb4726c10f7406ff1aba340f
-
SHA512
4d89ae345f3b36c93022b9c881c8cc213d9e6d3083b47eca8071c8c2dbf2e3faa02dedca78dceb37ef13a19e1599c4bea87af2685069c3e4c34ba923fcbcfbed
-
SSDEEP
49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99GU:tKq4oEa9RQs+Cn4/UKU
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1