Resubmissions

  • 26/04/2024, 16:04: 240426-thygmafb72 9

  • 26/04/2024, 15:39: 240426-s3w9mafe8t 9

  • 26/04/2024, 15:06: 240426-sg9mtseb45 9

General

  • Target: IP.exe

  • Size: 20.2MB

  • Sample: 240426-sg9mtseb45

  • MD5: e72253d9c42192ba62b5e2552bbfbca4

  • SHA1: 065af9ed0ec5d6d4b40c6dcf76e847b98b2572d2

  • SHA256: 2208dc3c8ca0aa3456e5f562b8f338be4bdc5270a488a9e44e5c4f6a972a792d

  • SHA512: 155879bbc185ce9df1b62f9ff9e0147cf99d5514004e92b8812bcec76783ad958dfaaf73ed6ddca99f2b942605a3b0a07156e12a1342241ad780d178a5074f4f

  • SSDEEP: 393216:Ha5opL76qeFJ/KqbG1scz01nJr0dUMv3htIVCiOV82RqYBof8IuQK9CpBiz6:H5aJ/iFar09tIVCHR5ofKwpBQ6

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer: detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable: AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks