General

  • Target

    Trixx_Spoofer_protected (1).exe

  • Size

    3.5MB

  • Sample

    240806-gw38ta1fnl

  • MD5

    1ebe588f34203da1d42e36a7aa7e5cd1

  • SHA1

    5ed14541f50df5106c77dddf22326092c9d1c23f

  • SHA256

    a93a40597266db70576237aeb0f944358a5988ce0bd4799d2f9438ace11bbc48

  • SHA512

    2e867970d8d4e5f1ee17321f8e3f2dfc5e4e901ed859d40082e19ff8684f8ce1eb1537055cf70b36b294fecb0a2ba26af33687cd14d6ff0f99975d9f6cceadc8

  • SSDEEP

    98304:MWzu1SEzVBy7IRcEU9+CjJ3BCsNy3Ab/EqEVgtDQ:MRj7ywg++Rdg3ArEqEg2

Malware Config

Targets

    • Target

      Trixx_Spoofer_protected (1).exe

    • Size

      3.5MB

    • MD5

      1ebe588f34203da1d42e36a7aa7e5cd1

    • SHA1

      5ed14541f50df5106c77dddf22326092c9d1c23f

    • SHA256

      a93a40597266db70576237aeb0f944358a5988ce0bd4799d2f9438ace11bbc48

    • SHA512

      2e867970d8d4e5f1ee17321f8e3f2dfc5e4e901ed859d40082e19ff8684f8ce1eb1537055cf70b36b294fecb0a2ba26af33687cd14d6ff0f99975d9f6cceadc8

    • SSDEEP

      98304:MWzu1SEzVBy7IRcEU9+CjJ3BCsNy3Ab/EqEVgtDQ:MRj7ywg++Rdg3ArEqEg2

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Themida's own protection options include anti-debugger and virtual-machine detection, so the anti-VM and anti-debug behaviours listed here may come from the protector itself rather than from the wrapped program.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the calling thread from delivering debug events to an attached debugger (anti-debugging). Legitimate software rarely needs this.
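
The registry-based checks flagged above (BIOS strings, ACPI OEM IDs, UAC state) can be reproduced from inside the analysis VM to see exactly which values give the guest away. The PowerShell below is an added example written for this page, not code from the sample or from Triage. The list of hypervisor vendor strings and the set of ACPI tables it walks are assumptions chosen to cover VirtualBox (the vendor the signature names) plus a few other common hypervisors; the NtSetInformationThread call cannot be exercised from script and is not covered here.

```powershell
# Added example, not part of the Triage report or the sample:
# re-run the registry reads the sample is flagged for, from the analysis VM,
# and report which values look like a virtual machine. All keys are
# world-readable, so this runs as an ordinary user.

function Get-SandboxRegistryIndicators {
    # Assumed vendor strings; extend for other hypervisors as needed.
    $vmStrings = 'VBOX', 'VIRTUALBOX', 'INNOTEK', 'ORACLE', 'VMWARE', 'QEMU', 'BOCHS', 'XEN'
    $findings  = @()

    function Test-VmString([string]$text) {
        $upper = $text.ToUpper()
        return [bool]($vmStrings | Where-Object { $upper.Contains($_) })
    }

    # 1. "Checks BIOS information in registry": SMBIOS/DMI strings the kernel
    #    publishes under HKLM\HARDWARE\DESCRIPTION\System\BIOS.
    $biosKey = 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
    foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion', 'BaseBoardManufacturer') {
        $val = (Get-ItemProperty -Path $biosKey -Name $name -ErrorAction SilentlyContinue).$name
        if ($val) {
            $findings += [pscustomobject]@{
                Check = 'BIOS'; Location = "$biosKey\$name"; Value = $val; VmIndicator = (Test-VmString $val)
            }
        }
    }

    #    Legacy REG_MULTI_SZ BIOS strings one level up; on VirtualBox these contain "VBOX".
    $sysKey = 'HKLM:\HARDWARE\DESCRIPTION\System'
    foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion') {
        $val = (Get-ItemProperty -Path $sysKey -Name $name -ErrorAction SilentlyContinue).$name
        if ($val) {
            $joined = ($val -join ' ')
            $findings += [pscustomobject]@{
                Check = 'BIOS'; Location = "$sysKey\$name"; Value = $joined; VmIndicator = (Test-VmString $joined)
            }
        }
    }

    # 2. "Identifies VirtualBox via ACPI registry values": each ACPI table is
    #    exposed as HKLM\HARDWARE\ACPI\<table>\<OEM ID>\...; on a VirtualBox guest
    #    the OEM ID subkey is literally "VBOX__".
    foreach ($table in 'DSDT', 'FADT', 'RSDT', 'SSDT') {
        $path = "HKLM:\HARDWARE\ACPI\$table"
        if (Test-Path $path) {
            foreach ($oem in (Get-ChildItem -Path $path -ErrorAction SilentlyContinue)) {
                $findings += [pscustomobject]@{
                    Check = 'ACPI'; Location = "$path\$($oem.PSChildName)"; Value = $oem.PSChildName
                    VmIndicator = (Test-VmString $oem.PSChildName)
                }
            }
        }
    }

    # 3. "Checks whether UAC is enabled": EnableLUA = 1 means UAC is on.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $findings += [pscustomobject]@{
        Check = 'UAC'; Location = "$uacKey\EnableLUA"; Value = $lua; VmIndicator = $false
    }

    return $findings
}

Get-SandboxRegistryIndicators | Format-Table -AutoSize
```

Any row with VmIndicator set to True is a value the sample could use to bail out before running its payload. On VirtualBox the DMI strings can be changed per VM with `VBoxManage setextradata` under `VBoxInternal/Devices/pcbios/0/Config/` (for example `DmiBIOSVendor`, `DmiSystemProduct`), after which this script should be re-run to confirm the strings no longer match.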

MITRE ATT&CK Enterprise v15

Tasks