Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
release.rar
-
Size
8.1MB
-
Sample
240520-agllwsae5z
-
MD5
550f5e261d58b60ad66fe0303e3a1234
-
SHA1
69bca3605b33b4043e0c730b73ceee2a596db82d
-
SHA256
d414a91153d3003d9026994389a629203aa3f8fc83017f0e727273560315e181
-
SHA512
14f157e0d1f44dacd12b5a6f13583d156a8b261956e97d47cc014536709f4402eb303f26b58ea6987323afa88ffa0b2332d5f6efa0eeb620afd35905f1309b40
-
SSDEEP
196608:E7BFRsgkFbyhlu0X4f0ZvpBxAvGUFi0gpuKLoqizxw1j:EVXsg2byTu0NBA+UA0gxLonzG
Behavioral task
behavioral1
Sample
release/main/cheat.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
release/main/cheat.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
release/main/loader.exe
Resource
win7-20240419-en
Malware Config
Targets
-
-
Target
release/main/cheat.exe
-
Size
4.1MB
-
MD5
d1895f02df8810e698741d4805317916
-
SHA1
b45eb5ebe4184b6249f514122838b582c8030a0b
-
SHA256
b2304109f2212ccf8b49c9fe8999b178ce7563c1c7540a05ea3d2836b22d361d
-
SHA512
bf9449415ee28b84319df57dca23ce43b345e5dfa042e2613fd84f183a02154bca859785a8b51434ed5466ea7def19a2d562822d9d9f1c7a9de72055843d60b1
-
SSDEEP
98304:bSXAizswlu7vCx/0nrEw1PP3rSDdV+8Tz7kI:bS/Qa50RP3rSP3II
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
release/main/loader.exe
-
Size
4.1MB
-
MD5
9ecdc9ed1bea6c226f92d740d43400b9
-
SHA1
b5b5066cd4284733d8c3f3d7de3ca6653091ae10
-
SHA256
60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
-
SHA512
30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
-
SSDEEP
98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
1