3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

4eacc64af7...87.exe

windows7-x64

4eacc64af7...87.exe

windows10-2004-x64

7

Sharing

General

Target

4eacc64af74d763c8c92fc186adbd787
Size

1.7MB
Sample

240109-syd79adcbj
MD5

4eacc64af74d763c8c92fc186adbd787
SHA1

cb219eb356152db3b43422d957cb099c2afe6fbf
SHA256

3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba
SHA512

51d83c3291cca99a3a58e3ecc19920d8dcd4b8599488ae051e8cb939621b129eb9de723dfc923c5ccfadc575cb1b3797c81bbd0c9fba6b7fb6f12968bdefa6db
SSDEEP

49152:iST/ajtxLsmifr7B5ZbV4d4Dm761UZp8lBW:Q8ZBUGmgUX8i

Score

10^/10

evasion persistence themida trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4eacc64af74d763c8c92fc186adbd787.exe

Resource

win7-20231129-en

evasion persistence themida trojan upx

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

4eacc64af74d763c8c92fc186adbd787.exe

Resource

win10v2004-20231222-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  4eacc64af74d763c8c92fc186adbd787
- Size
  
  1.7MB
- MD5
  
  4eacc64af74d763c8c92fc186adbd787
- SHA1
  
  cb219eb356152db3b43422d957cb099c2afe6fbf
- SHA256
  
  3ca2e31aeba7bdb779ca62f879502752b0e10046ef021b3fc8f4694e01ebacba
- SHA512
  
  51d83c3291cca99a3a58e3ecc19920d8dcd4b8599488ae051e8cb939621b129eb9de723dfc923c5ccfadc575cb1b3797c81bbd0c9fba6b7fb6f12968bdefa6db
- SSDEEP
  
  49152:iST/ajtxLsmifr7B5ZbV4d4Dm761UZp8lBW:Q8ZBUGmgUX8i
Score

10^/10

evasion persistence themida trojan upx
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencethemidatrojanupx

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.