General

  • Target

    b90d12e54c149a9b15e95761ba99920b5587e675ad36651837ecc8f75dbdf090

  • Size

    14.4MB

  • Sample

    240809-fpkx8axblj

  • MD5

    09ba58f675e9afda6d0d167a07a1dc6e

  • SHA1

    54295cc2221cc4226785dae11bed4da9ca7a5686

  • SHA256

    b90d12e54c149a9b15e95761ba99920b5587e675ad36651837ecc8f75dbdf090

  • SHA512

    ee0107801a1cbc39657bb28b9e8c3295192aa2dd720fad3332bdf48079bd25cdfb569751ef069ab9ea5d4232e73cabe89799439806d0d59ebf85b2a3bea8adf2

  • SSDEEP

    393216:QsDW1Lps9BPD+oJg3PjTJC1H5UfWSt/WS3402w:QsKlpEtSoJaPj94C/WR0H

Malware Config

Targets

    • Target

      b90d12e54c149a9b15e95761ba99920b5587e675ad36651837ecc8f75dbdf090

    • Size

      14.4MB

    • MD5

      09ba58f675e9afda6d0d167a07a1dc6e

    • SHA1

      54295cc2221cc4226785dae11bed4da9ca7a5686

    • SHA256

      b90d12e54c149a9b15e95761ba99920b5587e675ad36651837ecc8f75dbdf090

    • SHA512

      ee0107801a1cbc39657bb28b9e8c3295192aa2dd720fad3332bdf48079bd25cdfb569751ef069ab9ea5d4232e73cabe89799439806d0d59ebf85b2a3bea8adf2

    • SSDEEP

      393216:QsDW1Lps9BPD+oJg3PjTJC1H5UfWSt/WS3402w:QsKlpEtSoJaPj94C/WR0H

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
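As an added illustration of how the sandbox-evasion and bootkit behaviours listed above are typically spotted in a behavioural trace (this is example code, not code from the report or from Triage), the following Python script matches a constructed, simplified event log against one rule per listed signature. The `api|arg1|arg2` event format, the API names, and the registry paths and file offsets are assumptions: they are the well-known locations each check usually touches, not the specific keys or writes this sample performed, which the report page does not list.

```python
"""Match constructed sandbox-style API events against the anti-VM,
anti-sandbox, UAC, MBR and anti-debug signatures named in the report.
Added example; the log format and key paths are assumptions."""
import re
from dataclasses import dataclass

# Constructed events, NOT Triage's real log format. Each line is
# "api|arg1|arg2". The registry paths are the usual locations such
# checks read; they were not taken from the report above.
SAMPLE_EVENTS = [
    r"RegOpenKeyEx|HKLM\HARDWARE\ACPI\DSDT\VBOX__|",
    r"RegQueryValueEx|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion",
    r"RegQueryValueEx|HKLM\HARDWARE\DESCRIPTION\System|VideoBiosVersion",
    r"RegOpenKeyEx|HKCU\Software\Wine|",
    r"RegQueryValueEx|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA",
    r"NtSetInformationThread|0x1a4|0x11",
    r"CreateFile|\\.\PhysicalDrive0|GENERIC_WRITE",
    r"WriteFile|\\.\PhysicalDrive0|offset=0 size=512",
    # Control event: an OS version read that matches none of the rules.
    r"RegQueryValueEx|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName",
]


@dataclass(frozen=True)
class Rule:
    name: str   # signature name as it appears in the report
    api: str    # regex matched against the API name
    args: str   # regex matched against "arg1|arg2"
    note: str   # why the behaviour is interesting


RULES = [
    Rule("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
         r"^Reg(Open|Query)", r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
         "VirtualBox stamps VBOX__ into the ACPI table OEM IDs"),
    Rule("Checks BIOS information in registry",
         r"^RegQueryValueEx$",
         r"HARDWARE\\DESCRIPTION\\System\|(System|Video)Bios(Version|Date)$",
         "BIOS strings reveal hypervisor and sandbox vendors"),
    Rule("Identifies Wine through registry keys",
         r"^Reg(Open|Query)", r"^HK(LM|CU)\\Software\\Wine(\\|\|)",
         "Software\\Wine exists only under Wine"),
    Rule("Checks whether UAC is enabled",
         r"^RegQueryValueEx$", r"Policies\\System\|EnableLUA$",
         "EnableLUA=0 means no consent prompt for elevation"),
    Rule("Writes to the Master Boot Record (MBR)",
         r"^WriteFile$", r"^\\\\\.\\PhysicalDrive\d+\|offset=0\b",
         "sector 0 of the raw disk is the MBR"),
    Rule("Suspicious use of NtSetInformationThreadHideFromDebugger",
         r"^NtSetInformationThread$", r"\|(0x11|17)$",
         "THREADINFOCLASS 0x11 hides the thread from an attached debugger"),
]


def parse_event(line):
    """Split 'api|arg1|arg2' into (api, 'arg1|arg2')."""
    api, arg1, arg2 = line.split("|", 2)
    return api, arg1 + "|" + arg2


def match_events(events):
    """Return {signature name: [matching event lines]} for the given events."""
    hits = {}
    for line in events:
        api, args = parse_event(line)
        for rule in RULES:
            if re.search(rule.api, api, re.I) and re.search(rule.args, args, re.I):
                hits.setdefault(rule.name, []).append(line)
    return hits


if __name__ == "__main__":
    for name, lines in match_events(SAMPLE_EVENTS).items():
        note = next(r.note for r in RULES if r.name == name)
        print(f"[+] {name} ({note})")
        for line in lines:
            print(f"      {line}")
```

Note that only the `WriteFile` to sector 0 fires the MBR rule; opening `\\.\PhysicalDrive0` for write is a precondition but is not by itself a bootkit indicator, and the control event at the end matches nothing.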

MITRE ATT&CK Enterprise v15

Tasks