General

  • Target

    8614f85ba523358af7a5de81583c8dfffc9dcf609a06aab771831d55fe0df761.exe.zip

  • Size

    11.8MB

  • Sample

    231231-bessvsdee8

  • MD5

    8b83e77e636f1fafc417efd3d373bde8

  • SHA1

    2879b0f35a9083202b3f2d53fb4afc20894240f1

  • SHA256

    4b5804ef2be63d74945f21056f5fa3f3437ca36c0d893fe6f5143ceb1854386f

  • SHA512

    43c24b2b9cd7638d57add09bf3f312ce2671654696d711b81e84b3fbbf5a97de2c9f9e702179e585b093e68da6e2e1b8a7c98d15afa96efc1b1d9636e2808983

  • SSDEEP

    196608:rZFX4Fr+yoc9SF1Wm317oFg10lwLYHct5gXuJMmki/qZ8GrKumT3CPiGuKCPy0Vj:rbY+yH9SWgoyilJE5FJcmGuJmNuLPkLa

Malware Config

Targets

    • Target

      8614f85ba523358af7a5de81583c8dfffc9dcf609a06aab771831d55fe0df761.exe

    • Size

      23.4MB

    • MD5

      e70f2a5c0f1351b1a4462fa70356285a

    • SHA1

      8d3bb6642e6c6f09c090ea8b303d881ae8510e57

    • SHA256

      8614f85ba523358af7a5de81583c8dfffc9dcf609a06aab771831d55fe0df761

    • SHA512

      9024d9dec3b508716bec0b3d50823b8eea89add119ef20fab1bc909387ce08cb374ee0fde5c09364b21482394194260ea5a378afb1f3376063f2866548ff0aea

    • SSDEEP

      393216:tRlSXv/FtKUN3XoO1QCX8IKEzWQ+VAwj17viWmE12OnOxrmU32n/uSaQoy0urpRf:LlQ/FIW1QCPKKWTVH1jiWbYOnOxrmU3k

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks