General

  • Target

    craftrise-x64.exe

  • Size

    15.2MB

  • Sample

    240802-sjqyhateqd

  • MD5

    3982ed9cde49aa9f32f50204c5f22c80

  • SHA1

    c9097e710fa660598b0ad93a2ec8f6b2e5ed077d

  • SHA256

    285f0acb1aa2cc58e7a509df3234ae8fb950d6942b1782050f4a62b405446cf1

  • SHA512

    70547254fd7619d97e6cff8b331fddcccb9eca45e0b3ba04158a8925864e26efe0bc10a282bdfb8dad21b65288c785b1b3c003e3dc2fc4a7299293d46f99dfe2

  • SSDEEP

    393216:T454ItsLe/L+RNYzj8bahTFYxTTxSL8XW5YNNCbimY:To4csLeDkNYnWEYxfzXW5VY

Malware Config

Targets

    • Target

      craftrise-x64.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      The ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) are named after the firmware OEM ID, which is VBOX__ on a VirtualBox guest, so probing for that subkey is a cheap hypervisor test.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments; values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System name the hypervisor on common virtual machines.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Themida ships its own anti-debugging checks, so the debugger and VM evasion hits in this report may originate from the protector's stub rather than from the application code itself.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the calling thread from generating debug events; a breakpoint or single-step exception in that thread is then no longer delivered to an attached debugger and crashes the process if nothing else handles it.
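
Added example (not tria.ge's signature engine and not code from the sample): a small Python classifier that maps constructed sandbox registry and API events onto the four dynamic signatures listed above. The registry paths and the 0x11 THREADINFOCLASS value are the known artifacts behind each signature; the log line format, the event parser and the rule table are assumptions made for this example.

```python
"""Map sandbox behaviour events onto the evasion signatures from the report above.

Added example: this is not tria.ge's signature engine and the log line format is
constructed for illustration. The registry paths and the THREADINFOCLASS value are
the well-known artifacts behind each signature; everything else is an assumption.
"""
import re
from dataclasses import dataclass, field

# THREADINFOCLASS ThreadHideFromDebugger, the value passed to NtSetInformationThread.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_UAC = "Checks whether UAC is enabled"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"
# "Themida packer" is a static (PE) detection and cannot be derived from a
# behaviour log, so it is deliberately absent here.

# Registry artifacts behind the three registry-based signatures. The ACPI table
# subkeys are named after the firmware OEM ID, which is VBOX__ on VirtualBox.
REGISTRY_RULES = [
    (SIG_ACPI, re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    (SIG_BIOS, re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    (SIG_UAC, re.compile(
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
        re.I)),
]


@dataclass
class Event:
    kind: str                       # "registry" or "api"
    value: str                      # registry path or API name
    args: dict = field(default_factory=dict)


def parse_line(line: str):
    """Parse one constructed log line; returns None for lines we do not model."""
    kind, _, rest = line.strip().partition(" ")
    if kind in ("REG_OPEN", "REG_READ"):
        return Event("registry", rest)
    if kind == "API":
        name, _, argstr = rest.partition(" ")
        args = dict(a.split("=", 1) for a in argstr.split() if "=" in a)
        return Event("api", name, args)
    return None


def match_signatures(log_text: str) -> dict:
    """Return {signature name: [supporting evidence, ...]} for a behaviour log."""
    hits: dict = {}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev.kind == "registry":
            for name, pattern in REGISTRY_RULES:
                if pattern.search(ev.value):
                    hits.setdefault(name, []).append(ev.value)
        elif ev.kind == "api" and ev.value == "NtSetInformationThread":
            # base 0 accepts both "0x11" and "17"
            info_class = int(ev.args.get("ThreadInformationClass", "0"), 0)
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                hits.setdefault(SIG_HIDE, []).append(raw.strip())
    return hits


# Constructed log resembling what a sandbox records for this sample's checks.
SAMPLE_LOG = r"""
REG_OPEN HKLM\HARDWARE\ACPI\DSDT\VBOX__
REG_OPEN HKLM\HARDWARE\ACPI\FADT\VBOX__
REG_READ HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
REG_READ HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
REG_READ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
REG_READ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
API NtSetInformationThread ThreadInformationClass=0x11
API NtSetInformationThread ThreadInformationClass=0x2
"""

if __name__ == "__main__":
    for sig, evidence in match_signatures(SAMPLE_LOG).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

The unrelated HKCU Run read and the NtSetInformationThread call with a different information class produce no hits, which is the point: the rules key on the specific artifacts, not on any registry or thread API activity.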

MITRE ATT&CK Enterprise v15

Tasks