General

  • Target: F593AB3D9D28ED29C7E65AFE5D5C3D234E13A7D2552723565E80D954D5E15DA1.zip
  • Size: 16.6MB
  • Sample: 240409-npkapahb6s
  • MD5: 49509bafe7a3e693ed37731109480ab1
  • SHA1: 48f396d5ad4395f6f6288be1714cad10a00aa5d3
  • SHA256: c9b3414ddd02dbd1ba0efa264b21133b45eac505e9abd551cb235647c4bf519d
  • SHA512: d56b4e1687d7d32d431d074e9fb295846cd589a3136d3639973f1612aab69dafba79ced16317056010eb1bb4b0f62beaf5a33bd1441a3161ed4a6679da2904c0
  • SSDEEP: 393216:fK+pS0A56g8w41GQ4TY5Qk5QtZjJdbXYmNDhMcyxDLuA4/:fKEA5vv41GDT5kIZjAqtMcyFun/

Malware Config

Targets

    • Target: F593AB3D9D28ED29C7E65AFE5D5C3D234E13A7D2552723565E80D954D5E15DA1
    • Size: 16.8MB
    • MD5: 7d275755c8016baf66a2de364b5b9b3b
    • SHA1: f72d3c3578022614c6d5c8c9b5fede688e4a0b5b
    • SHA256: f593ab3d9d28ed29c7e65afe5d5c3d234e13a7d2552723565e80d954d5e15da1
    • SHA512: 55f3a335bb6641c8ca1f480ed38cc85953ef85ba42b6f6cc91c01a5a5357fcf1336719fd04937d49f2bc93cfadc861fd935967ec0535e87543b0cdadb859b249
    • SSDEEP: 393216:TJntyWPo+h06gwTU0eByBBpfJsB7Ja2gn9uG6DEWbSAY02znM0/JkGp5Ai:3yWPrnrXsBcvuG6AWvUndJpqi

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks