42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

42fcdf033c...c0.exe

windows7-x64

9

42fcdf033c...c0.exe

windows10-2004-x64

9

Sharing

General

Target

42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0
Size

12.9MB
Sample

240626-can5jszhnm
MD5

683aa7b5004fc166172c8742e8df785e
SHA1

54f5f5a76a5e39625a310206208537c4b8ea18e2
SHA256

42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0
SHA512

5f37e887b01cf1d0b37723ea2c11739da3c20ee7fec8e157333fdf954871d3cb20569d9d0b0519e7e72e6ca58b99c947a7a0d55f0c5e16ecd1b816ee01240c17
SSDEEP

393216:X948t8ypGfbpfik0YkOtrTEJNkCmE0MeivlZ8a:XOe8bzpqzZOtsJNALMtvlZ8a

Score

9^/10

evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0.exe

Resource

win7-20231129-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0
- Size
  
  12.9MB
- MD5
  
  683aa7b5004fc166172c8742e8df785e
- SHA1
  
  54f5f5a76a5e39625a310206208537c4b8ea18e2
- SHA256
  
  42fcdf033c6f87a5fab4cdfe2a91a4dd77bb0937ef81ee4e79a81c4524dd41c0
- SHA512
  
  5f37e887b01cf1d0b37723ea2c11739da3c20ee7fec8e157333fdf954871d3cb20569d9d0b0519e7e72e6ca58b99c947a7a0d55f0c5e16ecd1b816ee01240c17
- SSDEEP
  
  393216:X948t8ypGfbpfik0YkOtrTEJNkCmE0MeivlZ8a:XOe8bzpqzZOtsJNALMtvlZ8a
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.