Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Magic.exe

  • Size

    5.4MB

  • Sample

    240821-ctwzhazakn

  • MD5

    632261a647d176fab4179afca83a6751

  • SHA1

    22d032ffa9a12737c78437582e833beb644230e1

  • SHA256

    e4ba2c8e5ede2d6bbc3a9009a4c588ebbe8a1381cc2e3286ae36a1a87eb3241b

  • SHA512

    6e50432682a6fe3b9e5039ccc0776193f464bd1605974f946431b477d2dad9a267019df38d65a7cd5282f4933c0fb76dad6b33923b08ca76d28d3e8925f84f87

  • SSDEEP

    98304:azz8zUAYRMhX8yJwO+H5S1//wvZWMoniz3SM0fcEQkouKMRXjDNUBT0D8l:c8zUAKMJlJT+H0VovT34cEgMJDkTo2

Malware Config

Targets

    • Target

      Magic.exe

    • Size

      5.4MB

    • MD5

      632261a647d176fab4179afca83a6751

    • SHA1

      22d032ffa9a12737c78437582e833beb644230e1

    • SHA256

      e4ba2c8e5ede2d6bbc3a9009a4c588ebbe8a1381cc2e3286ae36a1a87eb3241b

    • SHA512

      6e50432682a6fe3b9e5039ccc0776193f464bd1605974f946431b477d2dad9a267019df38d65a7cd5282f4933c0fb76dad6b33923b08ca76d28d3e8925f84f87

    • SSDEEP

      98304:azz8zUAYRMhX8yJwO+H5S1//wvZWMoniz3SM0fcEQkouKMRXjDNUBT0D8l:c8zUAKMJlJT+H0VovT34cEgMJDkTo2

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks