General

Target: e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891
Size: 6.4MB
Sample: 240814-emywmawfkh
MD5: c7afd183b61a534a02fa17986cc3c4c6
SHA1: 88cd9fbe14750bf195051ea372f0204ea3ab2894
SHA256: e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891
SHA512: 3afeab93f379ad37c13bb4dd91d9854b2196bbf25d0a0307f3926d0cffe8392903635fb93498dab65836adcc986a19e6714e88aff9e8682f0c38305e9c4072d6
SSDEEP: 98304:gWOxsWVliEjxLkSpgRg55FW5sbrM1gno6vGIQhoFxtTodLyM7xe54bwTt+:XO+2Fa2HWKnouGIiiLoy4e54b/

Static task: static1

Behavioral task: behavioral1
Sample: e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891.exe
Resource: win10v2004-20240802-en
Malware Config

Targets

Target: e431ecc0f1264b31c733e90b32df00d585caa4b9e5f278ab93d35a9ba10fe891
Size: 6.4MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above)
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger