General

  • Target

    file.exe

  • Size

    2.7MB

  • Sample

    241121-cv98hsxekd

  • MD5

    dd4838b2c7c89b5d5130f5bc7168809b

  • SHA1

    38ca577f79ffd22928874b9c74552027a7fce330

  • SHA256

    628693042f7cc6900f9b14c58b3d18499ff7fedf05335b7a81774db4bd5f23db

  • SHA512

    b56ffe826dd7a4bd43aafd402c139d930d3ffae5c2813de960d1d6544ee1d8d96b89e38728f4c4df024c0a38f60a730e1ab5b1d73a548fdac5f78f7164e004e3

  • SSDEEP

    49152:9HZJ/zBwDIyhmlt6brjR4wvMH3v2IV+CnF:hP/zikywltmW6MH3vlT

Targets

    • Target

      file.exe

    • Modifies Windows Defender Real-time Protection settings

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger
