Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: IP.exe
- Size: 20.2MB
- Sample: 240426-sg9mtseb45
- MD5: e72253d9c42192ba62b5e2552bbfbca4
- SHA1: 065af9ed0ec5d6d4b40c6dcf76e847b98b2572d2
- SHA256: 2208dc3c8ca0aa3456e5f562b8f338be4bdc5270a488a9e44e5c4f6a972a792d
- SHA512: 155879bbc185ce9df1b62f9ff9e0147cf99d5514004e92b8812bcec76783ad958dfaaf73ed6ddca99f2b942605a3b0a07156e12a1342241ad780d178a5074f4f
- SSDEEP: 393216:Ha5opL76qeFJ/KqbG1scz01nJr0dUMv3htIVCiOV82RqYBof8IuQK9CpBiz6:H5aJ/iFar09tIVCHR5ofKwpBQ6
Behavioral task: behavioral1
- Sample: IP.exe
- Resource: win10v2004-20240419-en
Malware Config
Targets
- Target: IP.exe
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger