Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891

  • Size

    6.4MB

  • Sample

    240814-emywmawfkh

  • MD5

    c7afd183b61a534a02fa17986cc3c4c6

  • SHA1

    88cd9fbe14750bf195051ea372f0204ea3ab2894

  • SHA256

    e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891

  • SHA512

    3afeab93f379ad37c13bb4dd91d9854b2196bbf25d0a0307f3926d0cffe8392903635fb93498dab65836adcc986a19e6714e88aff9e8682f0c38305e9c4072d6

  • SSDEEP

    98304:gWOxsWVliEjxLkSpgRg55FW5sbrM1gno6vGIQhoFxtTodLyM7xe54bwTt+:XO+2Fa2HWKnouGIiiLoy4e54b/

Malware Config

Targets

    • Target

      e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891

    • Size

      6.4MB

    • MD5

      c7afd183b61a534a02fa17986cc3c4c6

    • SHA1

      88cd9fbe14750bf195051ea372f0204ea3ab2894

    • SHA256

      e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891

    • SHA512

      3afeab93f379ad37c13bb4dd91d9854b2196bbf25d0a0307f3926d0cffe8392903635fb93498dab65836adcc986a19e6714e88aff9e8682f0c38305e9c4072d6

    • SSDEEP

      98304:gWOxsWVliEjxLkSpgRg55FW5sbrM1gno6vGIQhoFxtTodLyM7xe54bwTt+:XO+2Fa2HWKnouGIiiLoy4e54b/

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks