General

  • Target

    aio.exe

  • Size

    7.6MB

  • Sample

    240419-c3rfdaed59

  • MD5

    f087101c9fbf951e8cfac1aae1a1b43d

  • SHA1

    c1647f0d4f42cc3e555695910fd4d5a5905bb9cc

  • SHA256

    c26bcff0de67f90f62a8da6da37ee17df01a49c06f2e2d938878e61e9620f622

  • SHA512

    702be19d5816d7aed421ca6103b6b565c7024f85126c177292daa80bfd0154ec75d514f91eb111f33f26f32369ae111c1bed7782f73615d9695e4bbf5fd29af7

  • SSDEEP

    196608:zErmEGqgQnS2Yre0pL19JRQjAWraTKwBuApVWOenE6ul:zEGhQSfygBujFWLolE6y

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Modifies boot configuration data using bcdedit

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks