General

  • Target

    23ed3662b0fbfec8d88ca6d7beafe382.bin

  • Size

    3.8MB

  • Sample

    231211-bsj3waafb7

  • MD5

    23ed3662b0fbfec8d88ca6d7beafe382

  • SHA1

    a8af20412467c13a4177b07e46fca75131e2ced0

  • SHA256

    8e5971238652431a8eed55deedb8d559db5d26636824a85a0f8801bfa9f5d720

  • SHA512

    e998c2172894dc7dd65121941612f6bc3bef201613647a513304dec92b2699453a83523beb071430994b87aafae72481c3429c4172b02a8c03ec2139deb70d9d

  • SSDEEP

    98304:zujsFI5HAqETzDNWR2ekUKSTeaPGNatg:zujse1wwR2xULeCG4t

Malware Config

Targets

    • Target

      23ed3662b0fbfec8d88ca6d7beafe382.bin

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Blocklisted process makes network request

    • Stops running service(s)

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks