General

  • Target

    3b855787cceaca86b9531489b200da54

  • Size

    5.8MB

  • Sample

    240101-beh9esbgb6

  • MD5

    3b855787cceaca86b9531489b200da54

  • SHA1

    c13e1a27222091d2e0e9dd0dcd346287ad5fb629

  • SHA256

    1787b83cad19e5875930d10d2d72c0cc8561fec008e118c950745df1d4f2e1d4

  • SHA512

    96a09fb0c857671349d9f5ec5fbd8153be7f4015436d972dadc1cd09f6e488394efbd86719bebc294478fbb1aa841d1b9bfebe271790be451418a22ed81fc4fb

  • SSDEEP

    98304:dlp1QABljax0XVH/AfV9orBgNln1vEHSJpiYMeghvjPB7p/+W4+AI26TTLxtjYf2:dmAPy0XS99oslJEqkzhvjPPW4AFIHxt5

  • Score

    9/10

Malware Config

Targets

    • Target

      洛克王国火神辅助4.6/洛克王国火神辅助v4.6.exe

    • Size

      5.7MB

    • MD5

      ca30b48023517427895304a20b3473b3

    • SHA1

      e7557a41c44e17b64ec97f0005a540f2300b3797

    • SHA256

      894887e113fa2f8e25467c29bee11f5de5ffb3adc8adf4e949c3961311546a77

    • SHA512

      33b99ecb9a3aeca82f142076259f4738a1b170a2ae482253af415d7deb547ba482accc83d7fade01b15202da89faea89ac56864b52468d086deddd75a2fb72a7

    • SSDEEP

      98304:QLx2OfyJSL2MxE/9hOEkLhCiM+fnc1m+WIGLuzCIJMVM3esiJUiG5uGlKrybiJx:4UOKJY0/94Ekvdfb/IG6zlMVM3TsUvI8

    • Score

      9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      洛克王国火神辅助4.6/游迅网.url

    • Size

      111B

    • MD5

      1e73d11eb7965dda7e821b0d261600cf

    • SHA1

      a781cb6a6eb203f0d19686e40ef1c8361ec22c23

    • SHA256

      cde0b34adaa12cdc1a54e5d7ecf7a4875ffbafd69d6811c4e3f22344290f5c7a

    • SHA512

      65325d5976db3f65ebf426a9cd4021d250a2bc43f6990996a2f553de08dc28e9a5b617decd9738f174de76c13e0cb047c634abbbd01a2047643c20fc9252429d

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks