General
-
Target
00fe05de6b1f112a3e17659ec0bb2dd0.bin
-
Size
2.5MB
-
Sample
240611-bdfrxaxgjb
-
MD5
00fe05de6b1f112a3e17659ec0bb2dd0
-
SHA1
47d3f75cc6abe09abff2b2e7b342608aed1e9d3a
-
SHA256
70b3b5426fea00573d7e5f93cd050357c1fcc3fa3ecfa5e41c5ffe71854ff2ce
-
SHA512
c36f588f83e9b830de82c99506f1fe02f23c1d1e33828d93c68449ce3166c991acbf68e7a509c32f020520928df9a61a36793f8e2ad6712b261633646a5d761f
-
SSDEEP
49152:hxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxJ:hxx9NUFkQx753uWuCyyxJ
Behavioral task
behavioral1
Sample
00fe05de6b1f112a3e17659ec0bb2dd0.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
00fe05de6b1f112a3e17659ec0bb2dd0.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
00fe05de6b1f112a3e17659ec0bb2dd0.bin
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Scheduled Task/Job 1
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Scheduled Task/Job 1
Defense Evasion
Hide Artifacts 1
Hidden Files and Directories 1
Modify Registry 2
Virtualization/Sandbox Evasion 1