General

  • Target

    f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4.exe

  • Size

    1.7MB

  • Sample

    240214-gla5aaag8z

  • MD5

    c3d7abe1b3219e62e7afd9be41a71c12

  • SHA1

    e3fbea9da267c6fb01799310d36110b594100d64

  • SHA256

    f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4

  • SHA512

    676dc9202cc85fe7fb4922503547a7940444fdda9a2ebf927841a200673819c31e278e87dd78b865e8fd259aabbe6cea5e6822b08c9ee4aacea413b211a68acd

  • SSDEEP

    49152:jI0Mykez9xO/fbKecU0GwGA9cySrb76c1FC6vS:jIVepxO3bKebHV76cXC

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies Windows Defender Real-time Protection settings

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks