General
-
Target
47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d.exe
-
Size
2.2MB
-
Sample
240229-f3jmbafa6x
-
MD5
3462e5905a1627fb9203326d5b059337
-
SHA1
736dffa4658440b9d2991628117b8534b1374b11
-
SHA256
47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d
-
SHA512
73320915b9a90814d9cbcbdbc6f6056f86478b4c5f83ddeb39db5b702bd66aae19103fc2bf767d2b47786471a858269ede2ce0377cd4a7a96f8602e802e9bf63
-
SSDEEP
49152:WjYehOISUSrMl6ge5g+3CqVTegLFAmJNFEUnf9k17wUW:WUeJS0z+3C2eenJMUnf92wUW
Static task
static1
Behavioral task
behavioral1
Sample
47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d.exe
Resource
win7-20240221-en
Malware Config
Extracted
risepro
193.233.132.62
Targets
Target
47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-