Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

CShell.dll

windows7-x64

9

CShell.dll

windows10-2004-x64

9

crossfire.exe

windows7-x64

crossfire.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86a04af65a919f8da80e3e70ddc5ffe4fc08dcdc6c6f4669133dd3e54968992a

  • Size

    6.4MB

  • Sample

    240223-rw3bmabb32

  • MD5

    a76d6a2cfacd251b9a9aee026743a7ea

  • SHA1

    7a12c0234eab2f4f0e5706e1ecce04a74bcdbc8c

  • SHA256

    86a04af65a919f8da80e3e70ddc5ffe4fc08dcdc6c6f4669133dd3e54968992a

  • SHA512

    ebbfec25b01b1e8addd08523c5bb85c6b41bab777ec49275440a9fad64197775c7e764ff63ee223f160a31812b2834703701ade3b177bff7d9d655968b80cee2

  • SSDEEP

    98304:6itU7HXNjHoCSK0AEXLk8dWziw0cbLzHIKpJSZX6u67dulonMBRkD/DdLpt+XK03:6iUDIKfEXLksWzycLIcXNu+nwk1P+QLa

Score
9/10
evasion

Malware Config

Targets

    • Target

      CShell.dll

    • Size

      4.0MB

    • MD5

      2cb425cb5cf0a2d1f0d74bc1437e3cdb

    • SHA1

      e9e8594788058d204d4014f781d8262dc9a79971

    • SHA256

      c050a812f9e5d0d42fde7cc2d7996c634c0496d726a4cd4edf372d5d5610244d

    • SHA512

      fc668c0d1a1428b76d2578c25eb062c5a0eeb44f27065d6f595a468c5c855ca8a4474ca1d5ca0226acea3090df8d402ef31d9604f06d692ef944af98ee06f095

    • SSDEEP

      98304:y9n1MEszUnUruxXm8lDNMZXK3wBUu59xhGcK:pTUUr0mvMbu5PhG

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      crossfire.exe

    • Size

      4.9MB

    • MD5

      e1add2575735daf5af82f2fe1e7d34e9

    • SHA1

      440431cd599c1bdc60afe38755b14572360babe9

    • SHA256

      4d42c0edc97474b000fc15d46a3ec82f7e2e67435742fc48d44c06f4250cedad

    • SHA512

      0de22267c6f8091a68ac2e34a581f3deda44e22816cd5d3801158f4b17bb30d4efce819ce10e67d809c53418264ed4f99a77473e1246e24ee00dc43acb35eac2

    • SSDEEP

      98304:bSJWphlJV4cw/uYziYqjZ8BhcwPQTYS/fH9tP9aOLOMr:eMzJV4S0q1ccwP2YSdqy

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks