General

Target: privtoolscringeasfnamecracked.zip
Size: 42.9MB
Sample: 240823-1rq78s1dmq
MD5: 59daa83e0f9a4ff754e7aeadb1356ce1
SHA1: a95d200c49572dc766a975c6df411c32b3c009a5
SHA256: 48f7fbe3cb26ad15725dea3facde3fd49e0708c59e35a0752bf7dc39a84ea4ce
SHA512: c2325aed9074addfc406b559d7d7f6b628f7092d9c4a732146d80eb3a648ef3c2af0e60e5ef5bdb437b9ba22c3deae60dc014b57eeb4d7ed204959a1b59062c0
SSDEEP: 786432:d/IOVz164uUCSBYhoiN3m6/4dl37+ErvnLOOtN+:VVcSp5Q3TWl3PrzW
Behavioral tasks

behavioral1: crack.dll (resource: win7-20240705-en)
behavioral2: crack.dll (resource: win10v2004-20240802-en)
behavioral3: loader.exe (resource: win7-20240729-en)
behavioral4: loader.exe (resource: win10v2004-20240802-en)
behavioral5: privatools.exe (resource: win7-20240704-en)
Malware Config

Targets

Target: crack.dll
Size: 2.3MB
MD5: 36e6e177248684cd8910b736b8a53bf8
SHA1: c139c6dee245e18fea12c5b5c15d3b14580c718e
SHA256: 80f1508a454aca11f7012f47c497b25d848b6f803417f194eb8a340a35d98020
SHA512: 910a88307878cabf052a061887a82c6ac5382ffe87dd60a7576e90e8807f84fe73e6670db5ab0f27736cfb18338278babaae2e5d02bdd038c14c63ffc7ebe45a
SSDEEP: 49152:AB5FQmkom+KbxROsCZvYCYyhWefdmjLdGGf:Zom+Kb4vYCYyBfdmjLdGGf
Score: 1/10

Target: loader.exe
Size: 5.3MB
MD5: 8106fe1bba482da9cf1436a1fac73230
SHA1: 2eea03f71155c437875d00a9c8de052689dcb824
SHA256: c5e0a4e8bcb73aa7b6da814ac986d07836f87aa70af84620087eaa8ccb680ff7
SHA512: a98e7452ecbf0a4493da4d471b719f5c2e88d0526a9b1a9ac7ed3eda1c131401184c425f3b858d588e2b75d5747e47671e7a4d2f04c8071d847f9721dc19bdad
SSDEEP: 98304:9QROUfH/3HV6K1eiTzW2H0P2U9HenTueByxs0oahbG6IfDMMllqg7:9QvfflRLUPBenTuMyxs0oejIfDMgln7
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: privatools.exe
Size: 37.9MB
MD5: 45f5f568b7ee52fa38c7683d7948ba4c
SHA1: d9c0676464a89f002bf34d26547fa47df2bc9132
SHA256: 95c3197b3d1c6161cae995ad4580124d26d7025b809b99ac1c1180a103fa1ec0
SHA512: ad1b04de3aa5354d06efd51e1006330a526b2aa4be9b335fea3a083e69a434a732b52a983633c3effb0c08484c78b58006da6cc0783a5591e9419621b8071d8f
SSDEEP: 786432:4WQtskXCcDlS9cQEWhhQCLL/JdCjUEzjLxi0xpQFu4QBWaFuJR8:rQtBXyOQJbF/+LzjLxi0PQw4QBz
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger