Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ec848ed8a308f13a19073b9afa43a755cef54fe3b5777b77ba59a1068b1f127e

  • Size

    10.7MB

  • Sample

    240529-h1nvcsfd75

  • MD5

    5b61e4d359022bf8defb88171a206969

  • SHA1

    c7394d4c8b9738e2ff279cc443bc38af8a778980

  • SHA256

    ec848ed8a308f13a19073b9afa43a755cef54fe3b5777b77ba59a1068b1f127e

  • SHA512

    5fac25bec1cc57d1c210e4ded5351af5d7732089347284942c80bcb9070d9bf7f6c532df391308900bcf642b451db110b9547ca7d1bc6b9e5bde1f3bc2d9954b

  • SSDEEP

    196608:iHwJu2JYMN64owNBxRr8Txs4F6AsQGBHoL1PntPj8YSKR:swP5N8x+PIL1Pnx9R

Malware Config

Targets

    • Target

      ec848ed8a308f13a19073b9afa43a755cef54fe3b5777b77ba59a1068b1f127e

    • Size

      10.7MB

    • MD5

      5b61e4d359022bf8defb88171a206969

    • SHA1

      c7394d4c8b9738e2ff279cc443bc38af8a778980

    • SHA256

      ec848ed8a308f13a19073b9afa43a755cef54fe3b5777b77ba59a1068b1f127e

    • SHA512

      5fac25bec1cc57d1c210e4ded5351af5d7732089347284942c80bcb9070d9bf7f6c532df391308900bcf642b451db110b9547ca7d1bc6b9e5bde1f3bc2d9954b

    • SSDEEP

      196608:iHwJu2JYMN64owNBxRr8Txs4F6AsQGBHoL1PntPj8YSKR:swP5N8x+PIL1Pnx9R

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks