General

  • Target

    0xVanguard.exe

  • Size

    20.2MB

  • Sample

    240424-yye3fagg66

  • MD5

    e510770367dc26a1ed1c67feb70ccdf9

  • SHA1

    7f989819e9851110980925b25301ee7a267e9058

  • SHA256

    8e6dc734b552472725c80ecd5ad2187bac5427cf9deea9f78e41ca80563f5810

  • SHA512

    f3c518d949c68b6ebcf5e603ffbf51f4c5d281b3cf66a63dde2304cfd01d7a57d2aa0dc774f61e86e804fd95fbc5c9c22210eae1851da5ef09e216cb6e48743c

  • SSDEEP

    393216:EqPu8bmS69TPKFK4UCQTHvN6uR4LwqnPTD3qEjRBJ8oy52EvNu1WuAEZY:FqTRP6JUtTH16uRj0jRT8oylNKWuW

Malware Config

Targets

    • Target

      0xVanguard.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks