General

  • Target

    O0JH5_NewTextDocument.bat

  • Size

    2KB

  • Sample

    241005-eqyd9syfnc

  • MD5

    1249778163d6bf686b1eb98029fc689b

  • SHA1

    eda466fb3713e0ef8887901036a82a0734b3d47e

  • SHA256

    96c4762d494abe04fa78c60d19af178d3a82ee7d75bda3be35d3ef1e5f1225ca

  • SHA512

    329774fc4a3a8acc91d4366a868323a53053c1e848c84445cadab6ac851df8dea57f16c9d877dd376611ae88c2ce9ea6fcaa970729c36f50859f77988b771a5b

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://cdn.discordapp.com/attachments/1291967647767859211/1291972588448514110/ZEN_protected.exe?ex=67020abc&is=6700b93c&hm=7b6c09bd4889de22214c218e9f6bd8b174172db46c5a7b2c5ca6d7b6793fe773

Targets

    • Target

      O0JH5_NewTextDocument.bat

      (size and hashes as listed under General above)

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      A VirtualBox guest exposes ACPI tables under HKLM\HARDWARE\ACPI\ whose subkeys carry the "VBOX__" OEM identifier; reading them is a cheap hypervisor check.

    • Downloads MZ/PE file

      The extracted configuration above points at ZEN_protected.exe on cdn.discordapp.com.

    • Checks BIOS information in registry

      BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since virtualised firmware identifies its vendor there.

    • Themida packer

      Detects Themida, an advanced Windows software protection system; a Themida-protected binary will need to be unpacked or dumped from memory before static analysis is useful.

    • Legitimate hosting services abused for malware hosting/C2

      The payload is hosted on Discord's CDN (see Malware Config), so the download blends in with legitimate traffic to a widely allowed domain.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments; the drive enumeration keys reveal virtual disk vendors (for example "VBOX" in the disk enumeration strings).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
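
The three registry-based signatures above (ACPI, BIOS information, connected drives) all reduce to "which keys and value names did the sample read, and did the data identify a hypervisor". The following is an added example, not tooling from tria.ge or code from the sample, that classifies a constructed trace of registry reads the way those signatures do, so a practitioner can see exactly which locations trigger each one. The key paths are the well-known Windows locations; the trace entries and the data strings in them are constructed for the demonstration.

```python
"""Map a registry-access trace onto the anti-VM signatures from the report.

Input: an iterable of (key_path, value_name, data) tuples as a sandbox API
trace would record them (value_name "" and data None for a plain key open).
Output: per-signature read count and whether any read returned hypervisor
evidence. The sample trace at the bottom is constructed, not captured.
"""
import re

# Strings a guest's firmware/disk identifiers contain under common hypervisors.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "XEN", "HYPER-V")

# (signature name, key regex, value names that count; None = any)
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     None),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", re.I),
     {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}),
    ("Maps connected drives based on registry",
     re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet\\Services\\Disk\\Enum"
                r"|MountedDevices)$", re.I),
     None),
]


def classify_registry_reads(reads):
    """Return {signature: {"reads": n, "vm_evidence": bool}} for matching reads."""
    hits = {}
    for key, name, data in reads:
        for sig, key_re, names in RULES:
            if not key_re.match(key):
                continue
            if names is not None and name not in names:
                continue
            # For the ACPI rule the key name itself is the evidence; for the
            # others it is the returned data.
            haystack = f"{key} {name} {data or ''}".upper()
            entry = hits.setdefault(sig, {"reads": 0, "vm_evidence": False})
            entry["reads"] += 1
            entry["vm_evidence"] |= any(m in haystack for m in VM_MARKERS)
    return hits


# Constructed trace modelled on a VirtualBox guest; values are illustrative.
SAMPLE_TRACE = [
    ("HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__", "", None),
    ("HKLM\\HARDWARE\\DESCRIPTION\\System", "SystemBiosVersion", "VBOX   - 1"),
    ("HKLM\\HARDWARE\\DESCRIPTION\\System", "VideoBiosVersion",
     "Oracle VM VirtualBox Version 7.0"),
    ("HKLM\\HARDWARE\\DESCRIPTION\\System", "Identifier", "AT/AT COMPATIBLE"),
    ("HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", "0",
     "SCSI\\Disk&Ven_VBOX&Prod_HARDDISK\\4&1a2b3c4d&0&000000"),
    ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "Updater",
     "C:\\Users\\Public\\ZEN_protected.exe"),
]

if __name__ == "__main__":
    for sig, info in classify_registry_reads(SAMPLE_TRACE).items():
        print(f"{sig}: reads={info['reads']} vm_evidence={info['vm_evidence']}")
```

Note that the BIOS rule is deliberately restricted to the firmware value names; a read of `Identifier` under the same key is normal application behaviour and does not count. The Run-key write in the trace is ignored by all three rules, which is the point: these signatures are about discovery, and persistence would be a separate signature.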

MITRE ATT&CK Enterprise v15

Tasks