Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

crack.exe

windows11-21h2-x64

8

runtime.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    14s
  • max time network
    30s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/02/2024, 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    crack.exe

  • Size

    10.3MB

  • MD5

    35edb0779e02ec906ba08da6115eeae7

  • SHA1

    c662f58d8421c854b30da34c6e0ddc37783cb953

  • SHA256

    22646544be869e18d9b35687a6592c3ea1ac0d423badc40cb6059388b1bf362c

  • SHA512

    82e2fe81587b40e96b4fef23819037809d94c1f0f11393c8b91387a0dbaa70c368498707cd7a66ba71056352af90619d1204db7067f7daa47060ee5c8eee889b

  • SSDEEP

    98304:QqMT8fPVdo+hZ9ZWI3Blm+AgMnOZ0EVmCs9rhcw3M//OfYts2SsJXkn7IG/HPidx:cs1BlLjZ0EVmCs9rhlSm0siJdeJ

Score
8/10
persistencethemida

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\crack.exe
    "C:\Users\Admin\AppData\Local\Temp\crack.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    PID:3688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3688-1-0x00007FF698F00000-0x00007FF69A3B4000-memory.dmp

    Filesize

    20.7MB

    Download

  • memory/3688-9-0x00007FF698F00000-0x00007FF69A3B4000-memory.dmp

    Filesize

    20.7MB

    Download