Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

cc17a2ff14...8c.exe

windows7-x64

9

cc17a2ff14...8c.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c.zip

  • Size

    3.3MB

  • Sample

    230321-rz2jhadc8v

  • MD5

    41cc2fc1f90c9c4727b2220e3cd0fdc4

  • SHA1

    efad5e71e5b09e4d0eb7037d82c5cfdce21f4a85

  • SHA256

    3a89fa6a4abebabffcd836859898bda1dda9b42883c7bb6b9cd35a16ade708be

  • SHA512

    5591d3bfb6043e0166e5456a9cbb528e46bd15f3c7f6b560296f73f94fa4138fecd297567e6d5ed1738fdf28a9034e8277529b63f319c86c2175eb443e6e98b9

  • SSDEEP

    49152:5UOvvyAiMNvDjdJoHdefEW28ngnBgQ75dhqdaJiZKrS7V1W89hIZ8NDq5uIFNtyG:5By38g4MGgBgQNngjoukVBEoB

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c.exe

    • Size

      3.4MB

    • MD5

      1dcfb969cf87e2e4cb9bb4a56e750e15

    • SHA1

      c0d398d156582131a4dca76bdb85cf6e3342d68c

    • SHA256

      cc17a2ff14ae0f1457abbb990c2612a5503c96ddfa5916bb2a1a8dad2e16238c

    • SHA512

      f6b9bed8db1012566c80dec02471a6af4a052bf62361f0a51432340960b7cc5b776b384458a47aa462b3f6fa1fd507c0d05f1b5d74216402447d9dfa25771b5b

    • SSDEEP

      49152:Mvcs1F4p7LFsNqzfQX6mqDHLvtf2YyAqRZEI/1Tag5rTIluaYdfPKrpjJwebZVTL:MPFUz1DHdgBd26TrPsV2gTgikq

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks