Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

InvChanger...er.dll

windows7-x64

1

InvChanger...er.dll

windows10-2004-x64

1

InvChanger...ui.exe

windows7-x64

9

InvChanger...ui.exe

windows10-2004-x64

9

Resubmissions

14/05/2023, 21:59

230514-1v4bzaga2y 9

14/05/2023, 20:19

230514-y38wbafg2z 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    InvChanger.zip

  • Size

    4.0MB

  • Sample

    230514-1v4bzaga2y

  • MD5

    a9e18a04c466a2ebac97073b5bb73f5b

  • SHA1

    641c470c90c9add71bb6a4b1fdc00f8847daac4a

  • SHA256

    dcd5b76de9828767e8acbfcf3be792fbd1b777651ca2e802294989bae7ddf1d9

  • SHA512

    6b06956539461e9972910259766e004f3b6389b40089514d1fdd59d8cb6b1e243c5b09db19eedf8c07e77977439251a1423263ef862ff3c535fc71f513fb0660

  • SSDEEP

    98304:C/ee6CXBtvzU4Z3dSwRZjNfi7Mw6MCIB4YHlAoP8:C5zUE8wvBuCmVF78

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      InvChanger/InvChanger.dll

    • Size

      1.4MB

    • MD5

      0da95079a28bead086bdebf58a18512b

    • SHA1

      573d15c36f83ef61eff9739df5a4be8704d33fa7

    • SHA256

      98b9f44e37cb6d7cab5fb85600904be7f5dcb3d4b3e52a3a9f21ba0e6f5d47f5

    • SHA512

      427d78b893386d1c022169f197353b2e1f0872785aa3d9e5d22e253e2b9c8434cd34f9dff39815555e1d7a5a69ea3387ebe15c055bbb2d1ce9b113386fc93be6

    • SSDEEP

      24576:Sj1caock6Kt3i2GAVhL12gMPJ+2mG8WDR/g+XSJtKwTg9/2j8UjFWke3TDWRsSt:Sj5zK9jhLO7dnSWws9/2YUA3TDqt

    Score
    1/10
    behavioral1behavioral2

    • Target

      InvChanger/injector_imgui.exe

    • Size

      3.4MB

    • MD5

      00b703e2dd4b6080d4dcec7cab4373d6

    • SHA1

      78a9621f44be60150f784b68c2e4367af07a3d1a

    • SHA256

      2a673052ee30c8193ff3e03be32f980452e63695211080ab0513d84106db443c

    • SHA512

      f0164eabdaed93be1218e5b68bfe86a025c0498585bc0d3b5057b8ebd58935330e338be06cfd6965863b0af9cc86298d935fe2f0ce3ed5bf3e576c812cde4d9f

    • SSDEEP

      98304:Jt4igwu/cqS8jQ+zRwLjwqzMznCYG0U78p:JicqS4Q+Vw3VGG0a8p

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks