
General

  • Target

    horizon.exe

  • Size

    3.9MB

  • Sample

    240312-mb1j3sgd97

  • MD5

    c508af023f6840ba0132e9f19e2b69ce

  • SHA1

    21bad2f355a0f8f0364343f6bc201103205626ad

  • SHA256

    29fc2b99b81c16d8f3d150a78787d2e6c7702db5eb2e8e640f14daff54ee68aa

  • SHA512

    89bb44d2c98ad11457b471681ead1b4755553bc35250878b1965337951962d5d366ddc7fe0825b1814607f65112332f98dcd9d02b096e21b8b4b5a7b19c22a32

  • SSDEEP

    98304:bISoiJw2+vkeJWCs8vEABxN4Xi8lKRZbFDme3G/Q:bKiJw2I0CzNe9lKZR34Q

Malware Config

Targets

    • Target

      horizon.exe


    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI; reading those keys is a common check for running inside a virtual machine.

    • Sets service image path in registry

      Writing the ImagePath value of a key under HKLM\SYSTEM\CurrentControlSet\Services installs or repoints a Windows service binary, a common persistence mechanism.

    • Checks BIOS information in registry

      BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

      Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
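The registry-based signatures above (VirtualBox ACPI keys, BIOS information, UAC state, service ImagePath) can be re-derived from a registry-access trace. The following is an added example, not code from the original report or from Triage's own signature engine: the trace lines, their format (<pid> <operation> <key path>, modelled on Procmon output) and the process IDs are constructed for illustration, while the key paths are the well-known locations each technique touches. The Themida and ThreadHideFromDebugger signatures are outside its scope because they are not registry-based.

```python
"""Re-derive the registry-based signatures in this report from a registry trace.

Added example; it is not part of the original tria.ge report or of Triage's
own signature engine. The trace lines below are constructed for illustration
(format: <pid> <operation> <key path>, an assumption modelled on Procmon
output). The key paths are the well-known locations each technique touches.
"""
import re
from collections import defaultdict

# Constructed trace, not taken from the report. PID 1337 stands in for the
# analysed sample; PID 2048 is an unrelated process for contrast.
TRACE = """\
1337 RegOpenKey    HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
1337 RegQueryValue HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
1337 RegQueryValue HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
1337 RegQueryValue HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
1337 RegSetValue   HKLM\\SYSTEM\\CurrentControlSet\\Services\\HorizonSvc\\ImagePath
2048 RegQueryValue HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

# (signature name as shown in the report, operations it applies to, key-path pattern)
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     {"RegOpenKey", "RegQueryValue", "RegEnumKey"},
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     {"RegOpenKey", "RegQueryValue"},
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I)),
    ("Checks whether UAC is enabled",
     {"RegQueryValue"},
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I)),
    ("Sets service image path in registry",
     {"RegSetValue"},
     re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)),
]

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+(\S.*)$")


def parse_trace(text):
    """Parse trace lines into (pid, operation, key) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3)))
    return events


def match_signatures(events):
    """Return {pid: {signature: [matching keys]}} for every signature hit."""
    hits = defaultdict(lambda: defaultdict(list))
    for pid, op, key in events:
        for name, ops, pattern in SIGNATURES:
            if op in ops and pattern.search(key):
                hits[pid][name].append(key)
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def evasion_signatures(hits, pid):
    """Names of the anti-analysis (VM/BIOS/UAC) signatures a process triggered."""
    persistence = {"Sets service image path in registry"}
    return sorted(name for name in hits.get(pid, {}) if name not in persistence)


if __name__ == "__main__":
    for pid, sigs in match_signatures(parse_trace(TRACE)).items():
        for name, keys in sigs.items():
            print(f"pid {pid}: {name}")
            for key in keys:
                print(f"    {key}")
```

On the constructed trace, only PID 1337 triggers anything: all three evasion signatures plus the service ImagePath write, which is exactly the registry-derived subset of the report's signature list. Separating evasion from persistence in evasion_signatures mirrors how a triage analyst reads such a list: the VM/BIOS/UAC checks say the sample is sandbox-aware, while the ImagePath write is the behaviour worth hunting for on real hosts.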

MITRE ATT&CK Enterprise v15

Tasks