
General

  • Target

    Poliwica64.exe

  • Size

    4.1MB

  • Sample

    241130-fqy68stnfv

  • MD5

    cd8b29f6a2df18ca73301c974c592d01

  • SHA1

    e92094fab6e05eababa66e1cb2fa1ba4f60a0ad7

  • SHA256

    56725739b3f85b74fcad839107ae620647521837cb2c2601ebd0cad2d7e65567

  • SHA512

    bd6a714da0a672091d4e4d5eef3c55625203c7bd2c69053763713b7fc56b539586d0c279539258fdfc95b60cbb0101a776598376e6802d26835337cdccbbe9cd

  • SSDEEP

    98304:EgkS4oqb/YBbt3GUCFpUivk5xZx0qa1rb:DkS4MGlnUj55ba1rb

Targets

    • Target

      Poliwica64.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
