Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

httpscdn.d...s1.txt

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    httpscdn.discordapp.comattachments1.txt

  • Size

    183B

  • Sample

    240524-dk835sah7s

  • MD5

    0efe1a91f04c297bd82f5f7abac671dd

  • SHA1

    fe604b052bd341f8b3f2ef3381f5fdd13f9e9186

  • SHA256

    69840b6059d51cc1aeb9846f1fcb2ddca0f89b4690fca73b98cd42edc2237f0f

  • SHA512

    5c204bc45626f12550945a76f5285a36bd260abd5bda13cb25f0c6e15b96114cc15d337a5f0a4058b6415e7b4e4914b724dfce10a279123b0362e28488ba8f94

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      httpscdn.discordapp.comattachments1.txt

    • Size

      183B

    • MD5

      0efe1a91f04c297bd82f5f7abac671dd

    • SHA1

      fe604b052bd341f8b3f2ef3381f5fdd13f9e9186

    • SHA256

      69840b6059d51cc1aeb9846f1fcb2ddca0f89b4690fca73b98cd42edc2237f0f

    • SHA512

      5c204bc45626f12550945a76f5285a36bd260abd5bda13cb25f0c6e15b96114cc15d337a5f0a4058b6415e7b4e4914b724dfce10a279123b0362e28488ba8f94

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks