General
- Target: PCHunter64_new.exe
- Size: 6.8MB
- Sample: 240709-za5tmawbmd
- MD5: a2ed2bf5957b0b2d33eb778a443d15d0
- SHA1: 889b45e70070c3ef4b8cd900fdc43140a5ed8105
- SHA256: 866f59529cf4e0a4c2c4bcd2b9d5d18ece73bf99470ea1be81b26f91b586b174
- SHA512: b50b7416bc75324866407e08fd9bb29b0abed501e0720bb77721ce4922d7512221f93becc9cd37efd73b4bf0984d4db5a4da13e896f988256333d972e22ffba8
- SSDEEP: 98304:9/oLQtqGhZrqNPMethNf9LemgaIhyZKylL+bKtOK6d6ZyrcWfQubWXk:9z7rqeer3VIhGNcKtOK6d6QrJIlk
Behavioral task: behavioral1
- Sample: PCHunter64_new.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: PCHunter64_new.exe
- Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: PCHunter64_new.exe
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Impair Defenses: Safe Mode Boot
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Impair Defenses (1)
    - Safe Mode Boot (1)
  - Modify Registry (1)
  - Virtualization/Sandbox Evasion (1)