General
-
Target
Valorantprv.exe
-
Size
6.1MB
-
Sample
240222-thkwjace92
-
MD5
893a1bcd05d8697d749247ed88f29644
-
SHA1
3e44e0856c00ea6d07d5a6f767c13c750df9b50c
-
SHA256
b97266f764abea6bd832262b970de1503408eb7de2e67c0d612651ce6ec96552
-
SHA512
78e2451d141be3166efa54596d36e2872e2d28222a6ca67c67fec3494f9593f8a8272e3d9099cd973ef6b01540e0da4e489ad2762d873183f635420e437da544
-
SSDEEP
196608:duAxxfWaEWPQ90x0fsSRpisVv4GmEU9fP0:dteOQ90efDidGEVP0
Static task
static1
Behavioral task
behavioral1
Sample
Valorantprv.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Target
Valorantprv.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger