Windows 7 deprecation: Windows 7 will be removed from tria.ge on 2025-03-31
General
  Target: release7-31-24.rar
  Size: 8.3MB
  Sample: 240802-srsr3atgqg
  MD5: cb9271d216c9fe385a46819f36342422
  SHA1: 75846b856517b43bfa3b6da47f129d8a671cdd55
  SHA256: 6a2c64b6a8886226d84ecc3927f13a698036d8530f4e6fcb0920c52f3ef90e11
  SHA512: e53f677320656bf21badaf253949394db6a13b1af4670c66f38ff28f8ff939b5eca08c6b805389952f877f4b455ccbcddb34422bac332dde26f291d14224ed6c
  SSDEEP: 196608:3oyHsUibNIJdT9ZNTlwtpR17HexAvGUFi0gpuKLoqizxw1wQ:3oyHlibNQdTjepR17HOA+UA0gxLonzu
Behavioral tasks
  behavioral1: release/main/cheat.exe on resource win7-20240708-en
  behavioral2: release/main/cheat.exe on resource win10v2004-20240802-en
  behavioral3: release/main/loader.exe on resource win7-20240708-en
  behavioral4: release/main/loader.exe on resource win10v2004-20240802-en
  behavioral5: release/map/Map.exe on resource win7-20240708-en
  behavioral6: release/map/Map.exe on resource win10v2004-20240802-en
Malware Config
Targets
  Target: release/main/cheat.exe
  Size: 4.1MB
  MD5: ad553ae8b257510efb0667e1a22d93c0
  SHA1: 27b15cecc2e5fa44a03ef141c4c8dba9ca0fd799
  SHA256: 9f6f6517b4a0d0166b9d34ecb0ef212aea6d910a115ed64263d12139e6253a2d
  SHA512: 1b930b8b0b5ac4a59d281aed1d919e948f5f8d9455c5e213ff1bdfb761809578b916ea63de0c3815e0f8be40dc16416fd69ffae22a3fa22b1dadf3b55c5a98b0
  SSDEEP: 98304:xnMWX+ipyg5lOQ/i6jHwqbhYtGhDxoIBN5ihprcE5Aq2lSvcNG9VDyD:xnMu9p8Q/ia3PhDxribQvq2EcNGjDk
  Score: 9/10
  Signatures:
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Sets service image path in registry
    - Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
  Target: release/main/loader.exe
  Size: 4.1MB
  MD5: 9ecdc9ed1bea6c226f92d740d43400b9
  SHA1: b5b5066cd4284733d8c3f3d7de3ca6653091ae10
  SHA256: 60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c
  SHA512: 30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43
  SSDEEP: 98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj
  Signatures:
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
  Target: release/map/Map.exe
  Size: 416KB
  MD5: 36c50332466b6e921edb79ea4b240278
  SHA1: 5b858fb375235e7638b7cef22ca972d27ce9cacc
  SHA256: 0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042
  SHA512: fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41
  SSDEEP: 12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf
  Score: 8/10
  Signatures:
    - Modify Registry: Disable Windows Driver Blocklist (Disable Windows Driver Blocklist via Registry.)
    - Sets service image path in registry
    - Executes dropped EXE
    - Loads dropped DLL
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
  Privilege Escalation
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
  Defense Evasion
    Impair Defenses (1)
      Modify Registry (3)
    Subvert Trust Controls (1)
      Install Root Certificate (1)
    Virtualization/Sandbox Evasion (1)