General
Target: battleye_forcer(change to exe).exe
Size: 14KB
Sample: 240610-f8fgvadd54
MD5: 11fd16c3fc9ce28b589a3fd6590ac5cf
SHA1: 766f464eae4faf18a5bd915854611af15d809a37
SHA256: 5847b365d88f808835e2163945ea4cc39ad39582ec88a3c789ce12704332adf2
SHA512: 28c342ca640d9479520bf18e04299582e9b3e8975c25913f34fbf5675d215c03b66edd65129da9d751edc3c9261320d5e738f3407bcc92738f2f8bb89cc6848a
SSDEEP: 192:9VV1zVZM/6GgGFwqNqnlAlP9meEMOkNPGgS5dgiaAws681vnt3Q5tfMc:N1zejFwuqnhcjC3
Static task: static1
Behavioral task: behavioral1
Sample: battleye_forcer(change to exe).exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: battleye_forcer(change to exe).exe (same size and hashes as listed under General)
Score: 9/10
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext