5c82c273941ae0386ff31ab236baa2bf16d68a569848e68c1b7f0e0129a00984 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

4033a55589...81.exe

windows7-x64

4033a55589...81.exe

windows10-2004-x64

7

Sharing

General

Target

4033a555895253aac19eb732d9ae8c81
Size

892KB
Sample

240104-hte9msdch3
MD5

4033a555895253aac19eb732d9ae8c81
SHA1

557f18f34976f431c5e82040f33a29f32747dad2
SHA256

5c82c273941ae0386ff31ab236baa2bf16d68a569848e68c1b7f0e0129a00984
SHA512

546d6e56003e9e543331eaef8247fc6c88602ddc9796f9d22cbf8e1fb88e563a1f00ef338cabde55488eacb8b9462e883debd8aea6c9a064540f30940f6a380a
SSDEEP

24576:efQDX+wVqKz7dftt/kIsRnLCCiHC5/r1nQM33:SQD+w7ntbk/Bj5/rZQe3

Score

10^/10

evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4033a555895253aac19eb732d9ae8c81.exe

Resource

win7-20231215-en

evasion themida trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4033a555895253aac19eb732d9ae8c81.exe

Resource

win10v2004-20231215-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  4033a555895253aac19eb732d9ae8c81
- Size
  
  892KB
- MD5
  
  4033a555895253aac19eb732d9ae8c81
- SHA1
  
  557f18f34976f431c5e82040f33a29f32747dad2
- SHA256
  
  5c82c273941ae0386ff31ab236baa2bf16d68a569848e68c1b7f0e0129a00984
- SHA512
  
  546d6e56003e9e543331eaef8247fc6c88602ddc9796f9d22cbf8e1fb88e563a1f00ef338cabde55488eacb8b9462e883debd8aea6c9a064540f30940f6a380a
- SSDEEP
  
  24576:efQDX+wVqKz7dftt/kIsRnLCCiHC5/r1nQM33:SQD+w7ntbk/Bj5/rZQe3
Score

10^/10

evasion themida trojan
- UAC bypass
  evasion trojan
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

© 2018-2025

Terms | Privacy