General

  • Target: release8-2-24.rar
  • Size: 8.3MB
  • Sample: 240802-1hzg9awdmh
  • MD5: 9ddf898a31997b996835ad90e97a0456
  • SHA1: fe540d466bd83336dbe5d6f8900d4422843b87de
  • SHA256: a82292e2390e3711417d850b066b896eddded44282dfb28611c5ffc15009da24
  • SHA512: 9fe5f4aef8cd363c15be83db13cbc503a4f91195dc0474009b3c8a6a748a8d49a54114fe8dea0146663b4834f5475019cf40dca2d67a3a867fa823e229e49175
  • SSDEEP: 196608:z8RJVMrPFwtBWGF5guK6bqLxAvGUFi0gpuKLStuCcbI:z4VMrPWtDxb2A+UA0gxLSIbbI

Targets

  • Target: release8-2-24/release/main/cheat.exe
    • Size: 4.1MB
    • MD5: 6b3a57759fbc362815348b8ce1475519
    • SHA1: c340a5ae66aeb79a9dd4f8b69a5161fe4d9fa0fd
    • SHA256: c218e0e1188dd4b7504a38031af9eeb268ad39d9fa64abd7b0813379a44e8cce
    • SHA512: 465416ae68f3b7616d917ee05bc5098aeb8ded7477cc74a46a7c5a74941dce29a4ebdb4dfc016bfaed736a8066923d9c51e5c8bf515d6b1017622f656dbe49f0
    • SSDEEP: 98304:VC96wN+PReiGh9iHzYLKy8D1oota/wfSvEYMnRVSAMJwYNIdT:OaGh9iHzYZ8D1vtMwfSvJAINIdT

    Behaviours:
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Sets service image path in registry
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Target: release8-2-24/release/main/loader.exe
    • Size: 4.1MB
    • MD5: 9ecdc9ed1bea6c226f92d740d43400b9
    • SHA1: b5b5066cd4284733d8c3f3d7de3ca6653091ae10
    • SHA256: 60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
    • SHA512: 30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
    • SSDEEP: 98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Behaviours:
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Target: release8-2-24/release/map/Map.exe
    • Size: 416KB
    • MD5: 36c50332466b6e921edb79ea4b240278
    • SHA1: 5b858fb375235e7638b7cef22ca972d27ce9cacc
    • SHA256: 0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042
    • SHA512: fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41
    • SSDEEP: 12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf

    Behaviours:
    • Modify Registry: Disable Windows Driver Blocklist
      Disables the Windows Driver Blocklist via the registry.
    • Sets service image path in registry
    • Executes dropped EXE
    • Loads dropped DLL
