36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

cryptolaemus

windows10-2004-x64

9

cryptolaemus

windows11-21h2-x64

9

Sharing

General

Target

36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05
Size

2.0MB
Sample

240703-3m7qjascnk
MD5

9ba38b70628dda12d069edafb51b5c4d
SHA1

244bdeee0bc5830bfce737a3b1e82e5850553c4b
SHA256

36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05
SHA512

8b0a1cc030f25d9db9804f2049ac8395fa959c2b83a432203232f9b09f90fbbcb08811323c6b22638d4ed85d50111ab22383d74c93dc62ecb08ab6c18789945c
SSDEEP

49152:DocQRhibpyl8RHKN8BJ6TvANfK95rSKwlaCTrw:8jPMc8RHKN0QKfK+tZfw

Score

9^/10

evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05.exe

Resource

win11-20240508-en

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05
- Size
  
  2.0MB
- MD5
  
  9ba38b70628dda12d069edafb51b5c4d
- SHA1
  
  244bdeee0bc5830bfce737a3b1e82e5850553c4b
- SHA256
  
  36534b418a8558b2516896763b6be33cea87123004349206d5c0a32bc25fad05
- SHA512
  
  8b0a1cc030f25d9db9804f2049ac8395fa959c2b83a432203232f9b09f90fbbcb08811323c6b22638d4ed85d50111ab22383d74c93dc62ecb08ab6c18789945c
- SSDEEP
  
  49152:DocQRhibpyl8RHKN8BJ6TvANfK95rSKwlaCTrw:8jPMc8RHKN0QKfK+tZfw
Score

9^/10

evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.