Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: 3d385a043ddfd99f3ace8b257cdb605d_JaffaCakes118
- Size: 5.6MB
- Sample: 240712-nrlxastfra
- MD5: 3d385a043ddfd99f3ace8b257cdb605d
- SHA1: 0e2bb05c92ef53e33c9518b5dc88d8c31d852ba7
- SHA256: 9e4e27726644f9c55726843a554cbecb792e1aec81aa01fc731ac1c7d088796d
- SHA512: a63ffdd4f5945602432216189a100eff25f9a04e4b4ed91cef441de26c53d1a04f22ab8b10041ed0999019003afbbc9e6f6acc53c00927050443313fa72f8db5
- SSDEEP: 98304:YFMfyHc47Uorfs2wDulM7DvuYE915qNOjZuHOjVFZDOZAs1warcAsXos:YdtQyfs2aWM7il15qqZuHORFxOZIaroV
Static task
- static1
Behavioral tasks
- behavioral1: Sample Launcher.exe, Resource win7-20240708-en
- behavioral2: Sample Launcher.exe, Resource win10v2004-20240709-en
- behavioral3: Sample SFrame.exe, Resource win7-20240705-en
- behavioral4: Sample SFrame.exe, Resource win10v2004-20240709-en
Malware Config
Targets
- Target: Launcher.exe
  - Size: 768KB
  - MD5: 44d26dfc91b41666b7b5e5ea26229323
  - SHA1: 385355cf9c9aff91b28925354fb856c98a6ebd11
  - SHA256: 77ea014bed03382a26f313f72727dbe5954c90c572a75b890ca808e485fc4427
  - SHA512: 8a162d78a3ae9e7b2da4de3382070a25dccb4324c9b0b5b62adad0c7880f12a7b5fde9f5704de0a48cd1ba2eb5e8fa843ab3af6d087a5d2f588ac434d92721f8
  - SSDEEP: 12288:kFP5DEgn6zOXRToTa3JItX5QBB33vDc9TgBAUU0eiZCYCibQBP/qd1sVSv:kpn+6StX5QP33g9TsAUU07ZzCibQVY
  - Score: 1/10
- Target: SFrame.exe
  - Size: 5.6MB
  - MD5: 64d6e2eb577287bf6b701cffcc30024e
  - SHA1: 216533e8e2c8badef62f43d7d0fb33d209bb9e4f
  - SHA256: 526a134c22202f0b334227aec9eeba3cc7ef0bac74b429ad5fb05bc5c10dd6c3
  - SHA512: fdef0b4d0b85bd7971b9daffc9594b4c26c6d63c5acc960896668dbc3c01e3a763f11aa954bbce70b566166a3044e2a1f4d17708cc70a4d64712488db5aee364
  - SSDEEP: 98304:w9sHsm9c0V1849hCBM5dAW4nv9WrVNEOhOINns3HV7HxO9+Z9/+EXEohbg4lEVil:Lpai184PAM5qLv9WZN9xts317RO92+ER
  - Score: 9/10
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  - Suspicious use of NtSetInformationThreadHideFromDebugger