Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    53b4d6e8187e16c1f2fe5b9d24b70fa8

  • Size

    4.0MB

  • Sample

    240111-ra5vmahhh4

  • MD5

    53b4d6e8187e16c1f2fe5b9d24b70fa8

  • SHA1

    0e26139b49c33436b418c1f0f3a2c6772fb61f0c

  • SHA256

    2df79e3cd2ef051cf0cb94915b6c62fd0e86447373fa6af26612e0fad2c77b23

  • SHA512

    32e6e2574de8bbeec70d017b418b4fcb80c6a8e056c1b462f5003a36be1bbf7e8d9a5e1a10d7b0a2da0f60c66973d0b0becb8d1022ccb17ab5caa7ad25b40b5c

  • SSDEEP

    98304:88VeFzbX1LFSMBVXmL+NCFptAxErv0EzMIVL2:8jFz/9pmL+NCDEpIJ2

Score
9/10

Malware Config

Targets

    • Target

      53b4d6e8187e16c1f2fe5b9d24b70fa8

    • Size

      4.0MB

    • MD5

      53b4d6e8187e16c1f2fe5b9d24b70fa8

    • SHA1

      0e26139b49c33436b418c1f0f3a2c6772fb61f0c

    • SHA256

      2df79e3cd2ef051cf0cb94915b6c62fd0e86447373fa6af26612e0fad2c77b23

    • SHA512

      32e6e2574de8bbeec70d017b418b4fcb80c6a8e056c1b462f5003a36be1bbf7e8d9a5e1a10d7b0a2da0f60c66973d0b0becb8d1022ccb17ab5caa7ad25b40b5c

    • SSDEEP

      98304:88VeFzbX1LFSMBVXmL+NCFptAxErv0EzMIVL2:8jFz/9pmL+NCDEpIJ2

    Score
    9/10
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks