General
Target: AMZ GEN.rar
Size: 34.3MB
Sample: 241014-erc5qasflp
MD5: be6d35edb30f5e8a170f56187fce98b3
SHA1: 3a80f615ccb6b93574d9c51055c43799e449c090
SHA256: 9549140353c2edca02962aecc735736797ff78e80445550578f808502d675bf4
SHA512: bd5414d5d797ea012a4fb90fade12f7458507738a1d9f2c029af01c96d1cacbb48760bde6f2eecf6fb83f0601ba4d08f5c900d19bc141d35a2493e6b83839ea7
SSDEEP: 786432:6Oqgz94RjuFdJ9mdCEcPgYKjyHlPu/V5/Da8zVS0dpIvHlnt:6OrziRCBEMJKyQ5DvzVSaWvNt
Behavioral task: behavioral1
Sample: AMZ SC GEN $25.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: AMZ SC GEN $25.exe
Size: 35.6MB
MD5: 90737d2d040d5f244d12c913e16d4b32
SHA1: 7ace76c649f3a090d5a9644dee3895244931bc2c
SHA256: 18763a42771ed4900a3a69b9899f5f799c59af502e4461a0635ccf03b95b42ab
SHA512: cf95b23f69f83b3357ea763ae754b3cc23e43c6b7d4343aa85cf1b3527fcc4f7db83bc88f802c592ac78fb641bfcf04a14060185a527abc1ff7a005081327260
SSDEEP: 786432:nZPjrgPQ11QtI12j6+s7LWB75zuXVgGCuAszi0iZDxWALw4t2:Zf8QiI12qHWB75il+ZssDF0
Signatures
- Modifies visibility of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)
  Virtualization/Sandbox Evasion (1)