General

  • Target

    cheat.exe

  • Size

    4.0MB

  • Sample

    241003-p5zkzsxhmr

  • MD5

    b85d921021263f9de8c46b7c1540d746

  • SHA1

    9ebac0f8f2c3b25ee97eba8690059314e051da63

  • SHA256

    e96975a0736f3451cd0ef2209c1a0de060232d6eceaf9c1febcf62917a1dbcb1

  • SHA512

    1d2d71dcddfc0d03e9f5c1f4ecc3da1eb3d1ec3ffd3ca11919cde9c91114da94a192206e3c4a4d28f80aee176634d1cbce358ed71e116a53d834c25b3ef936fa

  • SSDEEP

    98304:Et/x+ZwFGgE9sZ0jXj/9IZGnezACcOGKM7wp+d5mzVk:Et5N8Y0jXjhYY6qwk

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks