General
Target: hehe.exe
Size: 3.7MB
Sample: 240406-swtvxsdc4t
MD5: d0ebff942a1ee6af1090291ef99d594d
SHA1: 48d0d0b13f9685d7e33d901217339810bb04e0c6
SHA256: c8a67410eceb77f0807f72e3751598f6b5a21a5d6debfc8159d7378894271c26
SHA512: 0e57f5247462ecfd21d516b2ec114fd5373120d7fedd681893d66d37ee7c544bfc680dabbad46ed12a02c1b5105f6addf2e9aeb7e6f59500e1709c910fe7e2d3
SSDEEP: 49152:VyTymycDWfJKwgQbac3M3KO74Lw3AYA7/zY/BpA0bXjFthdEABB6SKux2sY3rLpb:RUxcPOHA7cvA0bXJth5PZosChNH4a
Behavioral task: behavioral1
Sample: hehe.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: hehe.exe
Score: 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Sets service image path in registry
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger