Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0
-
Size
2.5MB
-
Sample
240606-gjkwpshh9w
-
MD5
f908e496fd10a760b9fbdd64b2101c21
-
SHA1
aa32263197cfe9ce4d043d762547f45f2d8026b0
-
SHA256
c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0
-
SHA512
1a3407d52d319972f6fb780f1dce978feab9ef206ee12c0248c83d994ac027e5b9186971a3234e5983e7ac78e6fd0fe3d6c5fba3b79ef7dbb6435846d9fc7db7
-
SSDEEP
49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxy:Mxx9NUFkQx753uWuCyyxy
Malware Config
Targets
-
-
Target
c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0
-
Size
2.5MB
-
MD5
f908e496fd10a760b9fbdd64b2101c21
-
SHA1
aa32263197cfe9ce4d043d762547f45f2d8026b0
-
SHA256
c337a60974844bbe579fc933b065989fdb5a66350acfaa7952465c0e73a28ec0
-
SHA512
1a3407d52d319972f6fb780f1dce978feab9ef206ee12c0248c83d994ac027e5b9186971a3234e5983e7ac78e6fd0fe3d6c5fba3b79ef7dbb6435846d9fc7db7
-
SSDEEP
49152:MxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxy:Mxx9NUFkQx753uWuCyyxy
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Detects executables packed with Themida
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1