Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4.exe
-
Size
1.7MB
-
Sample
240214-gla5aaag8z
-
MD5
c3d7abe1b3219e62e7afd9be41a71c12
-
SHA1
e3fbea9da267c6fb01799310d36110b594100d64
-
SHA256
f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4
-
SHA512
676dc9202cc85fe7fb4922503547a7940444fdda9a2ebf927841a200673819c31e278e87dd78b865e8fd259aabbe6cea5e6822b08c9ee4aacea413b211a68acd
-
SSDEEP
49152:jI0Mykez9xO/fbKecU0GwGA9cySrb76c1FC6vS:jIVepxO3bKebHV76cXC
Static task
static1
Behavioral task
behavioral1
Sample
f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4.exe
-
Size
1.7MB
-
MD5
c3d7abe1b3219e62e7afd9be41a71c12
-
SHA1
e3fbea9da267c6fb01799310d36110b594100d64
-
SHA256
f1ca484ee483d8e3bf9b4068d3f374ba5f87647f0fe816ec33761468ef1b63e4
-
SHA512
676dc9202cc85fe7fb4922503547a7940444fdda9a2ebf927841a200673819c31e278e87dd78b865e8fd259aabbe6cea5e6822b08c9ee4aacea413b211a68acd
-
SSDEEP
49152:jI0Mykez9xO/fbKecU0GwGA9cySrb76c1FC6vS:jIVepxO3bKebHV76cXC
-
Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-