General

  • Target

    a4adcadbee21838b0665a5fc9eb11b89_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240613-klsaca1fng

  • MD5

    a4adcadbee21838b0665a5fc9eb11b89

  • SHA1

    5c400d52700658880a1e66bb7b4d55f206d207ae

  • SHA256

    8f2a167dd6f3f34ff6feb34e87d86b1cd606f8e8f1efb689c661c129e59206fe

  • SHA512

    bf69d29e06c15a2470b67cf784793ca45dafc60d80ebdd55298f182c8238edfeb66ec599285f34599c93ec43bdd5294f003ea50609f2d8ea4b3b20331795751b

  • SSDEEP

    24576:O54E9wEN2K/AvAePZAfqYBOzRY+3zgFOFz1+UDon2+E7GJE5Wsver2pJRGTEcKlg:E4SwpK/tCZAfqIOB3zu8z4UDo2hQE8e4

Score
9/10

Malware Config

Targets

    • Target

      efriendplus.exe

    • Size

      1.4MB

    • MD5

      143aa9f41bdc16a2da132b34b108588e

    • SHA1

      498aaae404e3fa8c08c17717cab87d4e28c9832c

    • SHA256

      8d34adebf7360dff60c3f8cf90534d27cc38dfef79f6f208240f0416ad39ab18

    • SHA512

      702c949e972abedc6424686654f104e7b5f96a42163bad963e25d7b114587c37a1921527bb28dbc7ce53093dd4cc9a3fb1c8beff09fbb240e53019886ffd4cb9

    • SSDEEP

      24576:J/g09wCN2LBc/AI6PPcpZyDDEBCBo/WLVSO29tqAlEwTAnoZODMH6euly2P9FRP6:RgCw3K/p6PPcpZ5UBNVSFk1wUoTaeW9e

    Score
    9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks