Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

7193cbc2f1...e2.exe

windows7-x64

9

7193cbc2f1...e2.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ad3f2440080b451007041ab312cd44f.bin

  • Size

    1.5MB

  • Sample

    240314-c9jdcagg5t

  • MD5

    d19e6b0efa71c87b04d6f05411a3070b

  • SHA1

    7ff1fa19acd96c4a6d02e4114e1e4a512f5389d0

  • SHA256

    34cffb54d934dc8c385e6c30bb91e9a72d6e71b618b9a70cf82571f3a737be69

  • SHA512

    61a95f61313d67654386290408298e69688a655d023556219ddbbbb77c6188f3517dda8f953bcea4028b0c392a1f46e9eec535987e32acafb736db82d13e7d14

  • SSDEEP

    49152:4iIVjgZca/1mE0V02HjV9+MgaASNZOqw2oM5N2e:4iItr60yWx9FgaFN8qwRMae

Score
9/10
evasion

Malware Config

Targets

    • Target

      7193cbc2f1fd3e79ff7d710e11d76f3c22a16e1373fe7638e8f68cc02a8278e2.exe

    • Size

      1.8MB

    • MD5

      7ad3f2440080b451007041ab312cd44f

    • SHA1

      f27cb8b1cb151f623d4f3ab266a1a6fe0b78a90a

    • SHA256

      7193cbc2f1fd3e79ff7d710e11d76f3c22a16e1373fe7638e8f68cc02a8278e2

    • SHA512

      6f924d4e96ca8d612703a39c7b05a741480ea2e165ad115387c37f4e419a7aa3848943a4d9bbbe2d629ddcffadcddf595a28ac21e5c167ef06110d1cd1144aab

    • SSDEEP

      49152:nNGMCKrWDercJet5CGs6o2DE712M6MR5yttt9BR1Iu:nNGMbKDer3L3s6oiwf6U2tt9BR1Iu

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks