General

  • Target

    db97570a01873908d9790a206d1eb5f0N.exe

  • Size

    1.9MB

  • Sample

    240901-sdwxkavckg

  • MD5

    db97570a01873908d9790a206d1eb5f0

  • SHA1

    b77105f5ebc5848a08262e4f528405a54fe66532

  • SHA256

    f151a4e141442d10d6fe624521a29c03f1ee6142c6feff3c449c3bfccbf04596

  • SHA512

    126e2467c13c95988f90e6c44c4ad5fbeaca41fb33821fd9d0178b316c14e73647874cbd448e3c9eed4a9f4eca1c72d7283ab3615f5518da3031f0c7ccca776c

  • SSDEEP

    49152:ISlNHydXboE+2pKWTvP6p9kB/GS0fsXCFK:ISjydNCYn0+x

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks