General

  • Target

    file.exe

  • Size

    7.2MB

  • Sample

    230426-js9brshh3t

  • MD5

    625afe348f255f928094b9e3b92d2664

  • SHA1

    d0cdc33730663dffe4d9826d041a15ccb02a7880

  • SHA256

    b01c9104e3c8210e44629d12b895164de941215f47f9c02826640af1e80e2876

  • SHA512

    0260d36d2e92633dfc127a9eb521d617f5ef2eaab2e4955ef4d3b746bec210511b48e55d94abda501706e42a0f2aefc3523fcef8732f4895617c9851f52df779

  • SSDEEP

    196608:kWL9Awy6WpqUlfS1RAhXLM2nDpC0h05N3klfVVWCbA7:nL9AwQpqLiXPh05N3klfnPG

Malware Config

Targets

    • Target

      file.exe

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings are a common way to fingerprint a sandbox or virtual machine, since virtualisation products leave their own names in these values.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      The sample is packed with Themida, a commercial Windows software protector whose virtualisation and anti-debugging layers hinder static analysis.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.

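The signature list above says what the sandbox observed but not where each check looks. The Python below is an added example, not tria.ge's own signature code and not PrivateLoader's: it maps registry, file, network and thread events onto these signature names using the well-known registry keys and profile paths each check reads, then groups the matches into anti-analysis, geofence, reconnaissance and infostealer behaviour. The event format, the sample events and the list of IP-lookup hosts are constructed assumptions for the illustration.

```python
import re
from collections import defaultdict

# THREADINFOCLASS value passed to NtSetInformationThread to hide a thread from
# an attached debugger (ThreadHideFromDebugger = 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11
HIDE_FROM_DEBUGGER_SIG = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Rules: (signature name as the report labels it, event kind, case-insensitive
# regex over the event target). The registry keys and profile paths are the
# well-known locations each check reads; the IP-lookup host list is an
# assumption made for this example.
RULES = [
    ("Identifies VirtualBox via ACPI registry values", "reg",
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks BIOS information in registry", "reg",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)"),
    ("Checks computer location settings", "reg",
     r"^HKCU\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "reg",
     r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ("Checks whether UAC is enabled", "reg",
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$"),
    ("Reads user/profile data of local email clients", "reg",
     r"^HKCU\\Software\\Microsoft\\Office\\[0-9.]+\\Outlook\\Profiles"),
    ("Reads user/profile data of local email clients", "file",
     r"\\Thunderbird\\profiles\.ini$"),
    ("Reads user/profile data of web browsers", "file",
     r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$"),
    ("Looks up external IP address via web service", "net",
     r"^(api\.ipify\.org|ipinfo\.io|icanhazip\.com)$"),  # assumed host list
]

# Coarse behaviour classes used to summarise a report.
CATEGORY = {
    "anti-analysis": {"Identifies VirtualBox via ACPI registry values",
                      "Checks BIOS information in registry",
                      HIDE_FROM_DEBUGGER_SIG},
    "geofence": {"Checks computer location settings"},
    "recon": {"Checks installed software on the system",
              "Checks whether UAC is enabled",
              "Looks up external IP address via web service"},
    "infostealer": {"Reads user/profile data of web browsers",
                    "Reads user/profile data of local email clients"},
}


def match_events(events):
    """Return {signature name: [matching targets]} for a list of event dicts.

    Event shape (constructed for this example, not the sandbox's own format):
      {"op": "reg" | "file" | "net", "target": str}
      {"op": "thread", "info_class": int}      # NtSetInformationThread call
    """
    hits = defaultdict(list)
    for ev in events:
        if ev["op"] == "thread":
            if ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
                hits[HIDE_FROM_DEBUGGER_SIG].append(
                    "NtSetInformationThread(ThreadHideFromDebugger)")
            continue
        for name, kind, pattern in RULES:
            if kind == ev["op"] and re.search(pattern, ev["target"], re.IGNORECASE):
                hits[name].append(ev["target"])
    return dict(hits)


def categorize(hits):
    """Group matched signature names by behaviour class; empty classes are omitted."""
    return {cat: sorted(n for n in hits if n in names)
            for cat, names in CATEGORY.items()
            if any(n in names for n in hits)}


# Constructed event trace resembling what this report's signatures fire on.
SAMPLE_EVENTS = [
    {"op": "reg", "target": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"op": "reg", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"op": "reg", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    {"op": "reg", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"op": "reg", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"op": "file", "target": r"C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini"},
    {"op": "file", "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "net", "target": "api.ipify.org"},
    {"op": "thread", "info_class": 0x11},
    {"op": "reg", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # no rule fires
]

if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS)
    for sig, targets in found.items():
        print(f"{sig}: {targets}")
    print(categorize(found))
```

Themida detection and "Loads dropped DLL" are deliberately outside this script: the first needs a packer scanner over the PE, the second a process or image-load monitor, neither of which is a path match. When reading a real report, the ordering matters as much as the hits: the anti-analysis and geofence checks run first, and only if they pass does the loader proceed to the reconnaissance and profile-data reads.

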
MITRE ATT&CK Enterprise v6

Tasks
