General

  • Target: b_protected.exe

  • Size: 6.1MB

  • Sample: 250328-fd62ba11hx

  • MD5: de3ddfb5abf6b47d20e3cf30f1d61881

  • SHA1: 29d7aaf4365529bf80ef6f43f7f6b93732d74463

  • SHA256: 67af2633b90b14a2ca41a34b6400da0b3eff4986573e1244a52f7470a19b1ac9

  • SHA512: 828f2b90acd392e2b515cb753341ec2b7b760dddedef4e2a0406c43bbaae0663daf2635bd6f60280caf0590ecabb03e7abde418ffb95d855bb00944c823175ba

  • SSDEEP: 196608:GjaMzJePBURqf0SKZJ0QtIakgWMZLqJnHzW:Ge5PBnf0BHkgFFqJHq

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks