Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c5f9d9794e1cf3f40ef45f0e2a0ced13
-
Size
428KB
-
Sample
240313-qlvclafe43
-
MD5
c5f9d9794e1cf3f40ef45f0e2a0ced13
-
SHA1
b23a6498477ef463837382312512fe6254997155
-
SHA256
773e809ac4a9f0279eb2c258cb77288b14550b4e7ff646a9d82d888d11e6e225
-
SHA512
058f7f5e5ccb4d75014da8251291748013be87b71e0c443bd5e8da83754f77ba8b999bef0ba55d36f6dcbcd07ea7a1e22dd9d253223dc7319f3179403bba73bd
-
SSDEEP
12288:b9ZRLce1FpBL/Yf60nJRV57oTnbRpx3Qz:bDFLvph/YfZJv5cTn1
Static task
static1
Behavioral task
behavioral1
Sample
c5f9d9794e1cf3f40ef45f0e2a0ced13.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c5f9d9794e1cf3f40ef45f0e2a0ced13.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
c5f9d9794e1cf3f40ef45f0e2a0ced13
-
Size
428KB
-
MD5
c5f9d9794e1cf3f40ef45f0e2a0ced13
-
SHA1
b23a6498477ef463837382312512fe6254997155
-
SHA256
773e809ac4a9f0279eb2c258cb77288b14550b4e7ff646a9d82d888d11e6e225
-
SHA512
058f7f5e5ccb4d75014da8251291748013be87b71e0c443bd5e8da83754f77ba8b999bef0ba55d36f6dcbcd07ea7a1e22dd9d253223dc7319f3179403bba73bd
-
SSDEEP
12288:b9ZRLce1FpBL/Yf60nJRV57oTnbRpx3Qz:bDFLvph/YfZJv5cTn1
-
Modifies security service
-
Looks for VMWare Tools registry key
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-