General

  • Target

    Valorantprv.exe

  • Size

    6.1MB

  • Sample

    240222-thkwjace92

  • MD5

    893a1bcd05d8697d749247ed88f29644

  • SHA1

    3e44e0856c00ea6d07d5a6f767c13c750df9b50c

  • SHA256

    b97266f764abea6bd832262b970de1503408eb7de2e67c0d612651ce6ec96552

  • SHA512

    78e2451d141be3166efa54596d36e2872e2d28222a6ca67c67fec3494f9593f8a8272e3d9099cd973ef6b01540e0da4e489ad2762d873183f635420e437da544

  • SSDEEP

    196608:duAxxfWaEWPQ90x0fsSRpisVv4GmEU9fP0:dteOQ90efDidGEVP0

Score
9/10

Targets

    • Target

      Valorantprv.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
