General

  • Target

    68590ba5f2cf85fe527db5355182d998fe2b3a79ae9def4d17af9536a63ee8d4

  • Size

    2.5MB

  • Sample

    240406-1rvknaca91

  • MD5

    594ec8797d70285fd48fde3f6fbb2d2d

  • SHA1

    bcfe71d56b1b7a64aded36bdfedb2ae23fbe87cf

  • SHA256

    68590ba5f2cf85fe527db5355182d998fe2b3a79ae9def4d17af9536a63ee8d4

  • SHA512

    f41638f34bb2710d26291fb7b7e848c22650af2364e6f3c2f6d725fc83427667fb321c96a2284b168c354162ff9813e6ac576e6a9bff0a988e5c471cbc545fd5

  • SSDEEP

    49152:hxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxb:hxx9NUFkQx753uWuCyyxb

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
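
Several of the signatures above correspond to well-known registry locations that a sample reads or writes: the BIOS description keys and VirtualBox ACPI table keys used for sandbox detection, EnableLUA for the UAC check, the Explorer Advanced values for hidden/system file visibility, and the Run keys for persistence. The PowerShell script below is an added example, not part of the Triage report or of the sample's code. It audits an analysis VM for those same artifacts so that an analyst can see what this sample would observe on the host, and capture a Run-key baseline to diff against after detonation. The registry paths are the standard locations for each check; the list of hypervisor marker strings is an assumption and can be extended.

```powershell
# Added example (not from the Triage report or the sample): audit a Windows
# analysis VM for the registry artifacts referenced by the behaviour signatures.
# Marker strings are an assumption covering common hypervisors.
$VmMarkers = 'VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN', 'KVM', 'PARALLELS'

function Test-VmMarker {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return $false }
    $upper = $Text.ToUpperInvariant()
    foreach ($m in $VmMarkers) {
        if ($upper.Contains($m)) { return $true }
    }
    return $false
}

$findings = @()

# "Checks BIOS information in registry": the values a sample reads to spot a sandbox.
$bios = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion') {
    $value = $bios.$name
    if (Test-VmMarker $value) {
        $findings += [pscustomobject]@{ Check = 'BIOS registry'; Detail = "$name = $value" }
    }
}
# SystemBiosVersion is REG_MULTI_SZ, so join the strings before matching.
$sysBios = (Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue).SystemBiosVersion
$sysBiosText = ($sysBios -join ' ')
if (Test-VmMarker $sysBiosText) {
    $findings += [pscustomobject]@{ Check = 'BIOS registry'; Detail = "SystemBiosVersion = $sysBiosText" }
}

# "Identifies VirtualBox via ACPI registry values": VirtualBox exposes ACPI tables
# under subkeys whose OEM ID contains VBOX.
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $keys = Get-ChildItem -Path "HKLM:\HARDWARE\ACPI\$table" -ErrorAction SilentlyContinue
    foreach ($key in $keys) {
        if (Test-VmMarker $key.PSChildName) {
            $findings += [pscustomobject]@{ Check = 'ACPI registry'; Detail = "HARDWARE\ACPI\$table\$($key.PSChildName)" }
        }
    }
}

# "Checks whether UAC is enabled": EnableLUA = 1 means UAC is on.
$lua = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue).EnableLUA
$findings += [pscustomobject]@{ Check = 'UAC'; Detail = "EnableLUA = $lua" }

# "Modifies visibility of hidden/system files in Explorer":
# Hidden (1 = show hidden files, 2 = hide) and ShowSuperHidden (1 = show protected OS files).
$adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{ Check = 'Explorer'; Detail = "Hidden = $($adv.Hidden); ShowSuperHidden = $($adv.ShowSuperHidden)" }

# "Adds Run key to start application": record the current Run entries as a baseline.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($null -ne $props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notin $providerProps) {
                $findings += [pscustomobject]@{ Check = 'Run key'; Detail = "$run\$($p.Name) = $($p.Value)" }
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

Run it once on the clean VM and once after detonation, and diff the two outputs: new Run-key entries point at the persistence the "Adds Run key" signature reports, while any BIOS or ACPI hit on the clean VM is an artifact the sample's anti-VM checks would also find, and a candidate for sandbox hardening.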
