General

  • Target

    Load.exe

  • Size

    6.0MB

  • Sample

    240523-3kwv9ade38

  • MD5

    1af5555e5faebf3e72b33b5daa3681c9

  • SHA1

    f54476a3e33fb65bf4b6b87abec40c6782dd8caf

  • SHA256

    b3badd0202dcefd52f83d3e75a479ba4dfe49985e87f03db1d70e36214c2da67

  • SHA512

    da7fea89a348f31bf0c80a35744c624278a08eb3ae9a354b70908268a8757b2c900169bf5f95b0553c748b19cc415430e89974554c880916882f67d6b63e9867

  • SSDEEP

    98304:80IiypQCBRbpAJk9ylbt8xR8afX7yD6mysx8FAv3RlCesbekRlwbOMF:lIpQCBReJRbtwWazjcHS3MF

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
