General
Target: a4adcadbee21838b0665a5fc9eb11b89_JaffaCakes118
Size: 1.3MB
Sample: 240613-klsaca1fng
MD5: a4adcadbee21838b0665a5fc9eb11b89
SHA1: 5c400d52700658880a1e66bb7b4d55f206d207ae
SHA256: 8f2a167dd6f3f34ff6feb34e87d86b1cd606f8e8f1efb689c661c129e59206fe
SHA512: bf69d29e06c15a2470b67cf784793ca45dafc60d80ebdd55298f182c8238edfeb66ec599285f34599c93ec43bdd5294f003ea50609f2d8ea4b3b20331795751b
SSDEEP: 24576:O54E9wEN2K/AvAePZAfqYBOzRY+3zgFOFz1+UDon2+E7GJE5Wsver2pJRGTEcKlg:E4SwpK/tCZAfqIOB3zu8z4UDo2hQE8e4
Static task: static1
Behavioral task: behavioral1
  Sample: efriendplus.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: efriendplus.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: efriendplus.exe
Size: 1.4MB
MD5: 143aa9f41bdc16a2da132b34b108588e
SHA1: 498aaae404e3fa8c08c17717cab87d4e28c9832c
SHA256: 8d34adebf7360dff60c3f8cf90534d27cc38dfef79f6f208240f0416ad39ab18
SHA512: 702c949e972abedc6424686654f104e7b5f96a42163bad963e25d7b114587c37a1921527bb28dbc7ce53093dd4cc9a3fb1c8beff09fbb240e53019886ffd4cb9
SSDEEP: 24576:J/g09wCN2LBc/AI6PPcpZyDDEBCBo/WLVSO29tqAlEwTAnoZODMH6euly2P9FRP6:RgCw3K/p6PPcpZ5UBNVSFk1wUoTaeW9e
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger