General

  • Target

    ad1427f6cca3d14f405f847fdb508efa

  • Size

    2.6MB

  • Sample

    240228-2zf8nsga35

  • MD5

    ad1427f6cca3d14f405f847fdb508efa

  • SHA1

    c131531758503e531edfc322048269291d7719c0

  • SHA256

    a628618f961434862d7ae607e762b29d299ad695648caac0b7c37278b623e373

  • SHA512

    905581251e9ddfb451d09a9c07b6e8e5ce73563ca9eb16422d43991613546cb619791c22a18c147af7680a237c0ebeac59427c53dd57b83cf4a9e4cdeb1e2c33

  • SSDEEP

    49152:tU/5M1X4Wl/YvzYCQR9RQs+C40yZpJaD99Gf:tKq4oEa9RQs+Cn4/UKf

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks