Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

Launcher.exe

windows7-x64

1

Launcher.exe

windows10-2004-x64

1

SFrame.exe

windows7-x64

9

SFrame.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3d385a043ddfd99f3ace8b257cdb605d_JaffaCakes118

  • Size

    5.6MB

  • Sample

    240712-nrlxastfra

  • MD5

    3d385a043ddfd99f3ace8b257cdb605d

  • SHA1

    0e2bb05c92ef53e33c9518b5dc88d8c31d852ba7

  • SHA256

    9e4e27726644f9c55726843a554cbecb792e1aec81aa01fc731ac1c7d088796d

  • SHA512

    a63ffdd4f5945602432216189a100eff25f9a04e4b4ed91cef441de26c53d1a04f22ab8b10041ed0999019003afbbc9e6f6acc53c00927050443313fa72f8db5

  • SSDEEP

    98304:YFMfyHc47Uorfs2wDulM7DvuYE915qNOjZuHOjVFZDOZAs1warcAsXos:YdtQyfs2aWM7il15qqZuHORFxOZIaroV

Score
9/10
evasion

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      768KB

    • MD5

      44d26dfc91b41666b7b5e5ea26229323

    • SHA1

      385355cf9c9aff91b28925354fb856c98a6ebd11

    • SHA256

      77ea014bed03382a26f313f72727dbe5954c90c572a75b890ca808e485fc4427

    • SHA512

      8a162d78a3ae9e7b2da4de3382070a25dccb4324c9b0b5b62adad0c7880f12a7b5fde9f5704de0a48cd1ba2eb5e8fa843ab3af6d087a5d2f588ac434d92721f8

    • SSDEEP

      12288:kFP5DEgn6zOXRToTa3JItX5QBB33vDc9TgBAUU0eiZCYCibQBP/qd1sVSv:kpn+6StX5QP33g9TsAUU07ZzCibQVY

    Score
    1/10
    behavioral1behavioral2

    • Target

      SFrame.exe

    • Size

      5.6MB

    • MD5

      64d6e2eb577287bf6b701cffcc30024e

    • SHA1

      216533e8e2c8badef62f43d7d0fb33d209bb9e4f

    • SHA256

      526a134c22202f0b334227aec9eeba3cc7ef0bac74b429ad5fb05bc5c10dd6c3

    • SHA512

      fdef0b4d0b85bd7971b9daffc9594b4c26c6d63c5acc960896668dbc3c01e3a763f11aa954bbce70b566166a3044e2a1f4d17708cc70a4d64712488db5aee364

    • SSDEEP

      98304:w9sHsm9c0V1849hCBM5dAW4nv9WrVNEOhOINns3HV7HxO9+Z9/+EXEohbg4lEVil:Lpai184PAM5qLv9WZN9xts317RO92+ER

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks