98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

98afd4feb9...4f.exe

windows7-x64

98afd4feb9...4f.exe

windows10-2004-x64

Sharing

General

Target

98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f
Size

2.5MB
Sample

240711-czr8hawfma
MD5

5824a4b66310c7d39e7801ff7e6d0d08
SHA1

88237f48e2ff6d446638d6db16537f1274669130
SHA256

98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f
SHA512

ffe5370847e06b5c81f162ca62998fe0d30981443a753330b5c8de0a09985f0aef2be99992162a81deeae0c22d24b0726b56c79b76598e87953fad03001103fc
SSDEEP

49152:WxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxL:Wxx9NUFkQx753uWuCyyxL

Score

10^/10

evasion persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f.exe

Resource

win7-20240704-en

evasion persistence themida trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f.exe

Resource

win10v2004-20240709-en

evasion persistence themida trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f
- Size
  
  2.5MB
- MD5
  
  5824a4b66310c7d39e7801ff7e6d0d08
- SHA1
  
  88237f48e2ff6d446638d6db16537f1274669130
- SHA256
  
  98afd4feb9c82d74686199f58b21d0470fe9c7ce6f86bc53ded6b3ac1503ef4f
- SHA512
  
  ffe5370847e06b5c81f162ca62998fe0d30981443a753330b5c8de0a09985f0aef2be99992162a81deeae0c22d24b0726b56c79b76598e87953fad03001103fc
- SSDEEP
  
  49152:WxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxL:Wxx9NUFkQx753uWuCyyxL
Score

10^/10

evasion persistence themida trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencethemidatrojan

behavioral2

evasionpersistencethemidatrojan

© 2018-2025

Terms | Privacy