General

  • Target

    hehe.exe

  • Size

    3.7MB

  • Sample

    240406-swtvxsdc4t

  • MD5

    d0ebff942a1ee6af1090291ef99d594d

  • SHA1

    48d0d0b13f9685d7e33d901217339810bb04e0c6

  • SHA256

    c8a67410eceb77f0807f72e3751598f6b5a21a5d6debfc8159d7378894271c26

  • SHA512

    0e57f5247462ecfd21d516b2ec114fd5373120d7fedd681893d66d37ee7c544bfc680dabbad46ed12a02c1b5105f6addf2e9aeb7e6f59500e1709c910fe7e2d3

  • SSDEEP

    49152:VyTymycDWfJKwgQbac3M3KO74Lw3AYA7/zY/BpA0bXjFthdEABB6SKux2sY3rLpb:RUxcPOHA7cvA0bXJth5PZosChNH4a

Targets

    • Target

      hehe.exe


    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
