Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

battleye_f...e).exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    battleye_forcer(change to exe).exe

  • Size

    14KB

  • Sample

    240610-f8fgvadd54

  • MD5

    11fd16c3fc9ce28b589a3fd6590ac5cf

  • SHA1

    766f464eae4faf18a5bd915854611af15d809a37

  • SHA256

    5847b365d88f808835e2163945ea4cc39ad39582ec88a3c789ce12704332adf2

  • SHA512

    28c342ca640d9479520bf18e04299582e9b3e8975c25913f34fbf5675d215c03b66edd65129da9d751edc3c9261320d5e738f3407bcc92738f2f8bb89cc6848a

  • SSDEEP

    192:9VV1zVZM/6GgGFwqNqnlAlP9meEMOkNPGgS5dgiaAws681vnt3Q5tfMc:N1zejFwuqnhcjC3

Score
9/10
evasion

Malware Config

Targets

    • Target

      battleye_forcer(change to exe).exe

    • Size

      14KB

    • MD5

      11fd16c3fc9ce28b589a3fd6590ac5cf

    • SHA1

      766f464eae4faf18a5bd915854611af15d809a37

    • SHA256

      5847b365d88f808835e2163945ea4cc39ad39582ec88a3c789ce12704332adf2

    • SHA512

      28c342ca640d9479520bf18e04299582e9b3e8975c25913f34fbf5675d215c03b66edd65129da9d751edc3c9261320d5e738f3407bcc92738f2f8bb89cc6848a

    • SSDEEP

      192:9VV1zVZM/6GgGFwqNqnlAlP9meEMOkNPGgS5dgiaAws681vnt3Q5tfMc:N1zejFwuqnhcjC3

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks