General
Target: 5a8fb0d6f8d170f4a1054b55fd5ce72e195810d130ef6e72ea76ea9441dbb996.exe
Size: 1.8MB
Sample: 241009-nc45bstapm
MD5: 92dd1108dbdebf3163c394deb38b0278
SHA1: e3a3638739deffd8b817a53b73f71cafbae978f6
SHA256: 5a8fb0d6f8d170f4a1054b55fd5ce72e195810d130ef6e72ea76ea9441dbb996
SHA512: 76a2c227ebfde9bb7a5b552b3ce7b95354ab439559c687b406d0ef85256d8921dd8f76ba73a5f4e9c2dc2cf6db4ee1204b2c49af74c869e7409a7259e25b972d
SSDEEP: 49152:0mZrOsi5Xy6A90bRGnWnTSU7cPju7eBLruvdsbZU:0gCsgCradHSU75eBmvdkZU
Static task: static1
Behavioral task: behavioral1
Sample: 5a8fb0d6f8d170f4a1054b55fd5ce72e195810d130ef6e72ea76ea9441dbb996.exe
Resource: win7-20240903-en
Malware Config
Extracted: lumma
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (2)