General

  • Target

    5ebd603bd943d1fab5b7f0d9f676899a.bin

  • Size

    7.2MB

  • Sample

    240821-bp6sgatalg

  • MD5

    62b33df28de18e5cb7bdf2178d1cd778

  • SHA1

    80513e120c761dac923470b247e5bf707bac8491

  • SHA256

    fd35ffbb638ffae216064105cedc84e33c1cbc0324255cdaff39c9cb38e8c044

  • SHA512

    b3dc4e8f36307de4910a4b6607d77a583adb1abd6ddd7893a08f2499ec69bbd93e5fad360d40300f11ae0f17b4d2a274efd9ab2b08934a94039135c30a3ee72e

  • SSDEEP

    196608:c4r5F0EooeXhodWBcdAV1iGnDPz4ZN51q6gBG:c4rj0EotXUf01xH2N51qNG

Targets

    • Target

      Microsoft.Office.2021x64.v2023.04/GameInstall.exe

    • Size

      2.9MB

    • MD5

      22f542575ba038b66f07c3b0f9655091

    • SHA1

      79998a91f52d40407aeffcf8d3f0a186558b105c

    • SHA256

      cdcb245932330a14bf04f7012e2d9cba83f379cb86562450cc05d4a7ee7c8795

    • SHA512

      21f188d139f66fab2f0491fdd5f36f046c544be22cad167ca891ac700be7bebb6f7fc983bd960723a2c5c157c64f84a9f8e8ffdfd720268c81f899764adaaaf5

    • SSDEEP

      49152:omc9qSBy7jJR18Ct/dRSg6pYFkRRtLuoUTVAJp4t:om0JEPXeRtLuoEm4t

    • Score

      3/10

    • Target

      Setup.exe

    • Size

      6.4MB

    • MD5

      df24a20345970361d56a4ddd210f6ae2

    • SHA1

      114968d8674056544ae5d44f47ebb8706315a325

    • SHA256

      8668f86e66efeec34f40b36eb8c6b74c838dc262eb3a1e710248ca3b81466423

    • SHA512

      e241d6ff40199076519cfcfc734477702e1ef3e635b2ed22b74589fe98995aa8e5381ba7dac89a6a6d248546f0b1f7d9e1f3cfe8e78427d803b8979d55094a46

    • SSDEEP

      98304:BSqyTkDBTnveokskBpmeLwgIhw3kc0TGQANu051h5tRA8kY67kE7:Eq+kDJnLjkBp79Ihw3kczN751k8tJe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
