General

  • Target: cb5881d774e317c33dc565c487a4c90c528e2bc0b44449e42cdb8698607a17e3.exe.zip

  • Size: 5.1MB

  • Sample: 231231-brpxqsfdg6

  • MD5: f5d74f518580a0eec057bf358cb87779

  • SHA1: 8250082bf04a2b48a7bddedcd17cbc9c57a88130

  • SHA256: 755eecb800160c386f4c2da5e0720795ae2c4c995cd06b861b833d8329f698e0

  • SHA512: 2e2d8f15585e5aac065a31c88cd9322623ff4dda9db1d2539af42163dd5a5a3766eee239f691b3f098fe065a28d8a8e0d5332798d2b6ca6da8a00336eba58272

  • SSDEEP: 98304:WqV5HgannYjJK3JpdL30lfJQj2gVD8cBro8tYk5GvHXRcY9uFFFmKJwVKI1QoLzJ:v/A4nYtETdL30lfJQS5Qt9G5H9YFmKm7

Malware Config

Targets

    • Target: cb5881d774e317c33dc565c487a4c90c528e2bc0b44449e42cdb8698607a17e3.exe

    • Size: 5.1MB

    • MD5: 5fff0709172509f29c34878d8fecd346

    • SHA1: 68c70307ac1182d7c9711c35574a8330def881c0

    • SHA256: cb5881d774e317c33dc565c487a4c90c528e2bc0b44449e42cdb8698607a17e3

    • SHA512: 3a3495769b9ad0f1d25f73d4317cd4e57b8ce8386f129015b495a1a918690e3aed6cfe5f5aa645b7216e5dcf2a733de8d09957532d1127da468bbd831819afeb

    • SSDEEP: 98304:WsZhPs5DXd8UqpNl92eV3VGehLVH/coFZKAJay8sqFRz4j1Jqh9PJ8nrOW:WeqlSUqpNj2YL50wZKaaBz43Y9PuR

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system; packed samples typically need to be unpacked before static analysis is useful.

    • Checks whether UAC is enabled

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger
