General

  • Target

    c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0

  • Size

    2.5MB

  • Sample

    240606-gjkwpshh9w

  • MD5

    f908e496fd10a760b9fbdd64b2101c21

  • SHA1

    aa32263197cfe9ce4d043d762547f45f2d8026b0

  • SHA256

    c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0

  • SHA512

    1a3407d52d319972f6fb780f1dce978feab9ef206ee12c0248c83d994ac027e5b9186971a3234e5983e7ac78e6fd0fe3d6c5fba3b79ef7dbb6435846d9fc7db7

  • SSDEEP

    49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxy:Mxx9NUFkQx753uWuCyyxy

Malware Config

Targets

    • Target

      c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0

    • Size

      2.5MB

    • MD5

      f908e496fd10a760b9fbdd64b2101c21

    • SHA1

      aa32263197cfe9ce4d043d762547f45f2d8026b0

    • SHA256

      c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0

    • SHA512

      1a3407d52d319972f6fb780f1dce978feab9ef206ee12c0248c83d994ac027e5b9186971a3234e5983e7ac78e6fd0fe3d6c5fba3b79ef7dbb6435846d9fc7db7

    • SSDEEP

      49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxy:Mxx9NUFkQx753uWuCyyxy

    • Modifies visibility of hidden/system files in Explorer

    • Detects executables packed with Themida

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks