General

  • Target

    AfipInstal 3491467912.msi

  • Size

    28.7MB

  • Sample

    240630-fj2c1sxdpp

  • MD5

    90a8aeea10139c563654d6fca6bf2e50

  • SHA1

    c3bd41d576175e0ee0fe8c06b94720370e1f79f8

  • SHA256

    1f76c709241f0fb8624e10ef2f969894af1de4b22b057fcd7e9064dba760a182

  • SHA512

    3f3d3268711f2e8c355411967048a2c84b8b1f6b12b74d6c345c2e6ede27a3648a69e41855f19f2a201dcc102c723ba8a917a1c94946bda72d0c63ab98a7e01c

  • SSDEEP

    786432:bG59Ebw+dsspncz4vvS1iP6KfHCp3N3QMVvF:bS9EXdL3CsP6wrGvF

Targets

    • Target

      AfipInstal 3491467912.msi

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
