General

  • Target

    98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f

  • Size

    2.5MB

  • Sample

    240711-czr8hawfma

  • MD5

    5824a4b66310c7d39e7801ff7e6d0d08

  • SHA1

    88237f48e2ff6d446638d6db16537f1274669130

  • SHA256

    98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f

  • SHA512

    ffe5370847e06b5c81f162ca62998fe0d30981443a753330b5c8de0a09985f0aef2be99992162a81deeae0c22d24b0726b56c79b76598e87953fad03001103fc

  • SSDEEP

    49152:WxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxL:Wxx9NUFkQx753uWuCyyxL

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks