
03/07/2023, 16:37

Sample 230703-t42feahb49 (Score 10/10)

General

  • Target

    Midnight.exe

  • Size

    8.1MB

  • Sample

    230703-t42feahb49

  • MD5

    6f11c5992143140763a08fefa9d84f21

  • SHA1

    713974e0aa9a2f75033de31347ac4197cede11c6

  • SHA256

    f2fa9c083abe324d132d6e687caf1b7f5825e9a12dc6e2dd9ff40cf3aebafb03

  • SHA512

    9929f0aff403a317f8946285aef94b42fab6451f39dd206017977b7770c7eaab6672cc351fe164057a66c228e972fbca6766b820c9210c7777a6da5ac1bf29c0

  • SSDEEP

    196608:VQZxXEzlHtUwN2mRpnJWjLHXenG2KWpHFNRAnBdC:+XKlCNmvg3engKHCvC

Score
10/10

Malware Config

Targets

    • Target

      Midnight.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
