General
- Target: O0JH5_NewTextDocument.bat
- Size: 2KB
- Sample: 241005-eqyd9syfnc
- MD5: 1249778163d6bf686b1eb98029fc689b
- SHA1: eda466fb3713e0ef8887901036a82a0734b3d47e
- SHA256: 96c4762d494abe04fa78c60d19af178d3a82ee7d75bda3be35d3ef1e5f1225ca
- SHA512: 329774fc4a3a8acc91d4366a868323a53053c1e848c84445cadab6ac851df8dea57f16c9d877dd376611ae88c2ce9ea6fcaa970729c36f50859f77988b771a5b
Static task: static1
Behavioral task: behavioral1
- Sample: O0JH5_NewTextDocument.bat
- Resource: win7-20240903-en
Malware Config
Extracted
- URL: https://cdn.discordapp.com/attachments/1291967647767859211/1291972588448514110/ZEN_protected.exe?ex=67020abc&is=6700b93c&hm=7b6c09bd4889de22214c218e9f6bd8b174172db46c5a7b2c5ca6d7b6793fe773
- Note: the ex, is and hm query parameters mark this as a signed, time-limited Discord CDN link (ex and is are hex Unix timestamps for expiry and issue time, hm the signature over them), so the second-stage payload ZEN_protected.exe is unlikely to be retrievable from this exact URL after the window closes. Pivot on the attachment ID, the channel ID and the file name rather than on the full URL.
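A worked example, added here and not part of the Triage report, that pulls the durable indicators out of the extracted URL and decodes its validity window. It assumes the documented Discord conventions: snowflake IDs carry a millisecond timestamp above the 2015-01-01 epoch in their upper bits, and the ex/is parameters are hex Unix timestamps; the media.discordapp.net host in the allow-list is an assumption, only cdn.discordapp.com appears on this page.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z; snowflakes count ms from here

# Payload URL copied from the "Malware Config" section of this report.
EXTRACTED_URL = (
    "https://cdn.discordapp.com/attachments/1291967647767859211/1291972588448514110/"
    "ZEN_protected.exe?ex=67020abc&is=6700b93c"
    "&hm=7b6c09bd4889de22214c218e9f6bd8b174172db46c5a7b2c5ca6d7b6793fe773"
)


def snowflake_to_unix(snowflake: int) -> int:
    """Creation time, in Unix seconds, encoded in the top bits of a Discord snowflake ID."""
    return ((snowflake >> 22) + DISCORD_EPOCH_MS) // 1000


def parse_discord_cdn_url(url: str) -> dict:
    """Extract channel/attachment IDs, file name and the signed validity window of a CDN link."""
    u = urlparse(url)
    # Assumption: media.discordapp.net serves the same signed attachment links.
    if u.netloc not in ("cdn.discordapp.com", "media.discordapp.net"):
        raise ValueError(f"not a Discord CDN host: {u.netloc}")
    parts = u.path.strip("/").split("/")
    if len(parts) != 4 or parts[0] != "attachments":
        raise ValueError(f"unexpected attachment path: {u.path}")
    qs = parse_qs(u.query)
    # ex / is are hex Unix timestamps (expiry and issue time); hm is the signature over them.
    issued = int(qs["is"][0], 16)
    expires = int(qs["ex"][0], 16)
    channel_id, attachment_id = int(parts[1]), int(parts[2])
    return {
        "host": u.netloc,
        "channel_id": channel_id,
        "attachment_id": attachment_id,
        "filename": parts[3],
        "attachment_created": snowflake_to_unix(attachment_id),
        "issued": issued,
        "expires": expires,
        "validity_seconds": expires - issued,
        "signed": "hm" in qs,
    }


def link_is_live(info: dict, now_unix: int) -> bool:
    """A signed link only resolves while the current time is inside [issued, expires]."""
    return info["issued"] <= now_unix <= info["expires"]


def iso(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


if __name__ == "__main__":
    info = parse_discord_cdn_url(EXTRACTED_URL)
    print(f"{info['filename']} uploaded {iso(info['attachment_created'])}")
    print(f"link valid {iso(info['issued'])} .. {iso(info['expires'])} "
          f"({info['validity_seconds'] // 3600} h)")
    now = int(datetime.now(tz=timezone.utc).timestamp())
    print("still fetchable:", link_is_live(info, now))
```

For this sample the attachment creation time from the snowflake and the issue time in `is` fall in the same second on 2024-10-05, and the window is exactly 24 hours, which is why the attachment and channel IDs are the indicators worth keeping rather than the URL itself.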
Targets
- Target: O0JH5_NewTextDocument.bat
  - Size: 2KB
  - MD5: 1249778163d6bf686b1eb98029fc689b
  - SHA1: eda466fb3713e0ef8887901036a82a0734b3d47e
  - SHA256: 96c4762d494abe04fa78c60d19af178d3a82ee7d75bda3be35d3ef1e5f1225ca
  - SHA512: 329774fc4a3a8acc91d4366a868323a53053c1e848c84445cadab6ac851df8dea57f16c9d877dd376611ae88c2ce9ea6fcaa970729c36f50859f77988b771a5b
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    VirtualBox guests expose the hypervisor in ACPI table names under the registry; reading them is a common sandbox check.
  - Downloads MZ/PE file
    Consistent with the extracted config: the batch script fetches the ZEN_protected.exe second stage.
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Legitimate hosting services abused for malware hosting/C2
    The payload is served from the Discord CDN (see Malware Config), so blocking by host alone would also block legitimate traffic.
  - Maps connected drives based on registry
    Disk information is often read in order to detect sandboxing environments.
  - Suspicious use of NtSetInformationThreadHideFromDebugger
    Setting the ThreadHideFromDebugger information class on a thread stops debugger event delivery for it, a common anti-debug step.
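The signature list above describes what the sandbox looked for; the example below, added here and not Triage's own rule code, shows one way to express those same checks as detection logic over a constructed trace of registry reads, API calls and HTTP responses. The registry paths (the VBOX__ ACPI table keys, the System\BIOS key and Disk\Enum), the allow-list of "legitimate hosting" domains and the sample events are assumptions chosen to match the signature names on this page, not values quoted from the report.

```python
import re
from collections import defaultdict

# Assumption: registry locations these sandbox signatures commonly key on.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread
# Assumption: hosts treated as "legitimate hosting services"; only cdn.discordapp.com is on the page.
LEGIT_HOSTS = {"cdn.discordapp.com", "media.discordapp.net", "raw.githubusercontent.com"}


def normalize_key(path: str) -> str:
    """Collapse Procmon/ETW hive spellings so prefix checks are stable."""
    return path.replace("HKEY_LOCAL_MACHINE", "HKLM").replace("\\REGISTRY\\MACHINE", "HKLM")


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a PE\\0\\0 signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def match_signatures(events):
    """Map trace events onto the signature names used in this report."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "reg_query":
            key = normalize_key(ev["path"])
            if VBOX_ACPI_RE.match(key):
                hits["Identifies VirtualBox via ACPI registry values"].append(key)
            elif key.lower().startswith(BIOS_KEY.lower()):
                hits["Checks BIOS information in registry"].append(key)
            elif key.lower().startswith(DISK_ENUM_KEY.lower()):
                hits["Maps connected drives based on registry"].append(key)
        elif ev["type"] == "api_call" and ev["api"] == "NtSetInformationThread":
            if ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(ev["args"])
        elif ev["type"] == "http_response":
            if ev["host"] in LEGIT_HOSTS:
                hits["Legitimate hosting services abused for malware hosting/C2"].append(ev["host"])
            if is_pe(ev["body"]):
                hits["Downloads MZ/PE file"].append(ev["host"] + ev["path"])
    return dict(hits)


# Constructed sample trace (not taken from the report): a minimal PE stub plus the
# registry and API activity the signatures describe, and one benign read as a control.
PE_STUB = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 20
SAMPLE_EVENTS = [
    {"type": "reg_query", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"type": "reg_query", "path": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS\00000002"},
    {"type": "reg_query", "path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemBiosVersion"},
    {"type": "reg_query", "path": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"},
    {"type": "api_call", "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"type": "http_response", "host": "cdn.discordapp.com",
     "path": "/attachments/1291967647767859211/1291972588448514110/ZEN_protected.exe",
     "body": PE_STUB},
]


def run_sample():
    return match_signatures(SAMPLE_EVENTS)


if __name__ == "__main__":
    for name, evidence in run_sample().items():
        print(f"{name}: {evidence}")
```

The benign ProductName read produces no hit, which is the point of keying on the specific hypervisor and BIOS locations rather than on any registry access under HARDWARE.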