General
Target: Load.exe
Size: 6.0MB
Sample: 240523-3kwv9ade38
MD5: 1af5555e5faebf3e72b33b5daa3681c9
SHA1: f54476a3e33fb65bf4b6b87abec40c6782dd8caf
SHA256: b3badd0202dcefd52f83d3e75a479ba4dfe49985e87f03db1d70e36214c2da67
SHA512: da7fea89a348f31bf0c80a35744c624278a08eb3ae9a354b70908268a8757b2c900169bf5f95b0553c748b19cc415430e89974554c880916882f67d6b63e9867
SSDEEP: 98304:80IiypQCBRbpAJk9ylbt8xR8afX7yD6mysx8FAv3RlCesbekRlwbOMF:lIpQCBReJRbtwWazjcHS3MF
Malware Config
Targets
Target: Load.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger