General

  • Target

    3.2.5_protected.exe

  • Size

    4.6MB

  • Sample

    240930-zgz7qathqq

  • MD5

    745ec5c98a6ad15d28d86fb1bfcba633

  • SHA1

    88796dd0bb9292c06ecf10300855c7113e51cda1

  • SHA256

    ec6b6962c9f928398fbb568907df16bee8d54fe50f62a6ab6414a31b28b042fb

  • SHA512

    159a5c81773629ac775f8b68cf7930ea6c0c885ec32d2e67bb557b8a6924018d06b05434b8e0b8dca56ad7327586b54d67eb9ad0a02a70ecf0dfe3c2cf604618

  • SSDEEP

    98304:ELvqHMnmk9icnr5iElJmfC9Llghv4qJlKYqhMiEw/BTdMkoMBUs9vqfuN:xs1VnN7Dt03JcEwpTdISx17N

Malware Config

Targets

    • Target

      3.2.5_protected.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks