Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
db52264951dd101cdc12dcb44a96b92c
-
Size
2.2MB
-
Sample
240224-ntq9ssae86
-
MD5
db52264951dd101cdc12dcb44a96b92c
-
SHA1
8885591a142a5d57aeba1fa24ff88517e82c51ea
-
SHA256
98ddd445f1b7ca25290ee7d802944f444dbcf319ba138212dc3e04653dcc6ab8
-
SHA512
bcc85c4df3db54327b715059cf544890409551440b36e8383d5d650816135cfc472621268a979804f3620a48cdb2849f40465e777f72d0a0807994e0ea1fb6ef
-
SSDEEP
49152:WO/W4bcxhRcerdjYzqjAwRSLNAuYoXezqj7ZRgcGYnxEhy:chXrdszqCLquJgGgcGYnGhy
Static task
static1
Behavioral task
behavioral1
Sample
db52264951dd101cdc12dcb44a96b92c.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
193.233.132.62
Targets
-
-
Target
db52264951dd101cdc12dcb44a96b92c
-
Size
2.2MB
-
MD5
db52264951dd101cdc12dcb44a96b92c
-
SHA1
8885591a142a5d57aeba1fa24ff88517e82c51ea
-
SHA256
98ddd445f1b7ca25290ee7d802944f444dbcf319ba138212dc3e04653dcc6ab8
-
SHA512
bcc85c4df3db54327b715059cf544890409551440b36e8383d5d650816135cfc472621268a979804f3620a48cdb2849f40465e777f72d0a0807994e0ea1fb6ef
-
SSDEEP
49152:WO/W4bcxhRcerdjYzqjAwRSLNAuYoXezqj7ZRgcGYnxEhy:chXrdszqCLquJgGgcGYnGhy
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-