General

  • Target: chrome.zip
  • Size: 7.4MB
  • Sample: 240606-kvwdcsda78
  • MD5: 9bc9c81b8eb739550ced80cbe3876084
  • SHA1: 181c1b81eeccf882041c6e4bbfcbe3b09b5c96e6
  • SHA256: 2f78abcf8efd1843e5953bb000b487b50ba7bc1ded77933294b7c70cdc157675
  • SHA512: 1631cee8eb5c4f801423725cef27d27b4fef7bedb9f40242b5a4ff93f3b7a10c440446bc9e7521b887bb34284096ec4fa386ebec6c5e0398189adff6150fe167
  • SSDEEP: 196608:F5xXJC5ivSEB6ANotUNCHRkIWLYr+kNPJi2NteSw+B/Uktn5Sg:/DH6A2tUNCxkVLy+klXeSYjg

Score: 9/10

Targets

  • Target: QtCore4.dll
    • Size: 2.1MB
    • MD5: 2fe0599b45e4f112cedc69986d10d21b
    • SHA1: 3391843c5ddde45b17df309fe182c8dee1cb862a
    • SHA256: 29aba16000167af9217510f93e6da8def731a8a5132024a7b7d1ba4c9116b7a9
    • SHA512: daa55eb9c223433b4d332e6aa40f2558057fcf98b01cf17f8aa68c9f53ffee9c56a86127efb37f7904282f7670608be9b4813a758d134e4c3ab501b4d0bdf39c
    • SSDEEP: 49152:tU6a2PjSQTUEZtQqhJXbQKFdu9UTj6ep+Tqv:/vjT9sKFdu9WpX
    • Score: 3/10

  • Target: QtGui4.dll
    • Size: 6.8MB
    • MD5: ddd7cb6f7fcb04a7a22b8c88e54960c4
    • SHA1: ec90b7dc14ba83b31557262f9f4694478cbb751a
    • SHA256: ed88922666a2323c05c08c75f7ad29d049d1a36399ab988ad5ce1e86149cb450
    • SHA512: 0e6d046c4f4e5fab3bc0aea57a99f0a1779f7fb4a3950f0e302b65ef411c9a08c534607f1be9533fa82ea64be5a5391c28b5ab615de82680188e2b1d28c8fc07
    • SSDEEP: 196608:AEubw71Hqi7SVzQlgj2bMWE+LpoMk+dTha46Yuy7uNcK:AEuERKoukwmLlJdThxcZ7
    • Score: 9/10
    • Signatures:
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
        BIOS information is often read in order to detect sandboxing environments.
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Target: chrome.exe
    • Size: 178KB
    • MD5: 7cd87f8ad0cd8279f8699cd441238338
    • SHA1: 523c83c22647164b7e7465fecaf798f3be5ac2d8
    • SHA256: 71a7f53796731bd270704b825af080d1e84e2bb4d2184bb77926cd895dc87214
    • SHA512: b5ee28a24ba6fc4bb0e8a5b0c1a5adbfac204be43635ad99998bd4617726a5b5f95876dbdc7807b30cc74569b431ef7eb4a540f3e62b759e2fb36df9cff10796
    • SSDEEP: 3072:k+sGBD3O9O6qe+4T+vqwqYROyCUbSIMAAAAAAAUAAAk2o5U:kZGBD3O9O6qe+4T+vqwqYROyCUbSDv5U
    • Score: 9/10
    • Signatures:
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
        BIOS information is often read in order to detect sandboxing environments.
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
