General

  • Target

    02361cd60f5298950adc950dff1a91b4.bin

  • Size

    498KB

  • Sample

    240611-bqe15syhjk

  • MD5

    02361cd60f5298950adc950dff1a91b4

  • SHA1

    dc56996cea0a4599f376111267f3b688f1e30362

  • SHA256

    2426ae0a0e63fa1102ab84b0fa0ccb98c15546c6778512608c8e0ce06c73b71a

  • SHA512

    563ec30e190ad988402128583cb2d642e0440e89eb286d44e62fb2a93d77a2c3430900515ff0fd0c2d007cc510dd10d3e933bbd7cc8141823abe39e58c62d88e

  • SSDEEP

    12288:V+XGr3PS5oHUeJjF1dBzk27QRQ62e2p2iR9sadpHr1+XLiZ9g:l/HUUb7AQPRiCp

Score
9/10

Targets

    • Target

      02361cd60f5298950adc950dff1a91b4.bin

    Score
    9/10
    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
