General

  • Target: X_protected.exe
  • Size: 7.5MB
  • Sample: 240723-qk7arssark
  • MD5: 40daf12b1ddad422314d75caffbf8e63
  • SHA1: 93559caf20d42d455ad31dfb83da22ce26abbe9d
  • SHA256: 48f0dc575984fcbd4f0ae9a3f434d8fd6163b6f470bef7b8cd23b9dad858c211
  • SHA512: 782f5f3edcba370f1fee58e34aba033eb60b164c907cac4d4b69f9a542061f16ad9297c44834c76914a25418c01d603472494db83888821a0c02076c07ff22c1
  • SSDEEP: 196608:U+8zOaubUiLpwYETSEzYeGh07NWsS68mp5KZzgsY:U+Ue4iLGYETlzYBh0RS68iKZc

Malware Config

Targets

    • Target: X_protected.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks