Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
X_protected.exe
-
Size
7.5MB
-
Sample
240723-qk7arssark
-
MD5
40daf12b1ddad422314d75caffbf8e63
-
SHA1
93559caf20d42d455ad31dfb83da22ce26abbe9d
-
SHA256
48f0dc575984fcbd4f0ae9a3f434d8fd6163b6f470bef7b8cd23b9dad858c211
-
SHA512
782f5f3edcba370f1fee58e34aba033eb60b164c907cac4d4b69f9a542061f16ad9297c44834c76914a25418c01d603472494db83888821a0c02076c07ff22c1
-
SSDEEP
196608:U+8zOaubUiLpwYETSEzYeGh07NWsS68mp5KZzgsY:U+Ue4iLGYETlzYBh0RS68iKZc
Malware Config
Targets
-
-
Target
X_protected.exe
-
Size
7.5MB
-
MD5
40daf12b1ddad422314d75caffbf8e63
-
SHA1
93559caf20d42d455ad31dfb83da22ce26abbe9d
-
SHA256
48f0dc575984fcbd4f0ae9a3f434d8fd6163b6f470bef7b8cd23b9dad858c211
-
SHA512
782f5f3edcba370f1fee58e34aba033eb60b164c907cac4d4b69f9a542061f16ad9297c44834c76914a25418c01d603472494db83888821a0c02076c07ff22c1
-
SSDEEP
196608:U+8zOaubUiLpwYETSEzYeGh07NWsS68mp5KZzgsY:U+Ue4iLGYETlzYBh0RS68iKZc
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1