General

  • Target

    00fe05de6b1f112a3e17659ec0bb2dd0.bin

  • Size

    2.5MB

  • Sample

    240611-bdfrxaxgjb

  • MD5

    00fe05de6b1f112a3e17659ec0bb2dd0

  • SHA1

    47d3f75cc6abe09abff2b2e7b342608aed1e9d3a

  • SHA256

    70b3b5426fea00573d7e5f93cd050357c1fcc3fa3ecfa5e41c5ffe71854ff2ce

  • SHA512

    c36f588f83e9b830de82c99506f1fe02f23c1d1e33828d93c68449ce3166c991acbf68e7a509c32f020520928df9a61a36793f8e2ad6712b261633646a5d761f

  • SSDEEP

    49152:hxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxJ:hxx9NUFkQx753uWuCyyxJ

Malware Config

Targets

    • Target

      00fe05de6b1f112a3e17659ec0bb2dd0.bin

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15