Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

f8e1b68248...b4.exe

windows10-1703-x64

9

Analysis

  • max time kernel
    87s
  • max time network
    89s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/07/2024, 08:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8e1b68248848fbbd74402ad9129ffb4.exe

  • Size

    18.5MB

  • MD5

    12d9255227567a75ef9e064e84ef62bd

  • SHA1

    93ff56e0565e69e42f93e85bcc3b844d48156006

  • SHA256

    7d2c6a9bd728bbcc103b49956bf49efc4796acb1cfba6776cbf2e0cc0414c0b1

  • SHA512

    73ff67b61613bd2d0557768266076ab9d2dea9964ee5ff7e32fc46752cc51f54b833a7d9a0d4c5e3cc23f9576d4955d7c3eca5e59b9817578f08f01b0a9ee1c3

  • SSDEEP

    393216:uSLpLFG0zW0zkV8GP870Qj3+thpvLpTWwim72/kpW8wxUm:uSLBz1ABUj3+vpvLpTLim7KiQl

Score
9/10
bootkitevasionpersistencethemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 9 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks SCSI registry key(s) 3 TTPs 16 IoCs

    SCSI information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8e1b68248848fbbd74402ad9129ffb4.exe
    "C:\Users\Admin\AppData\Local\Temp\f8e1b68248848fbbd74402ad9129ffb4.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Checks SCSI registry key(s)
    PID:1260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1260-2-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-0-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-1-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-3-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-4-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-5-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-6-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-7-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download

  • memory/1260-8-0x00007FF729990000-0x00007FF72CB1D000-memory.dmp

    Filesize

    49.6MB

    Download