General

  • Target

    etabs_v21_kg.exe

  • Size

    2.6MB

  • Sample

    240219-1xy52aeh22

  • MD5

    6cf5ac6015952655a02c5ed140e8000d

  • SHA1

    ed410bf9c04b337d1e326a0bdb6631790ab6429c

  • SHA256

    5c56c83e12a350356d2604c2f41b0a0f6ae36d7f5c118e0cd65258604a6dc922

  • SHA512

    fc10b16717e4240420f070e26732f829bc0b95a69be5838aeaeae6be38742b4b2d361271e631fb5c9d978a7d2f2e98668ef1cffe37a647d9e300264175f6af70

  • SSDEEP

    49152:85OiwBSGFvc0kjG9QkvUHv6Raut/Ye1x57Xe2SQwL:/iwBO0spz6RBVY+x5LeRQ

Score
9/10

Malware Config

Targets

    • Target

      etabs_v21_kg.exe

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks