Analysis
- max time kernel: 439s
- max time network: 441s
- platform: windows11-21h2_x64
- resource: win11-20240730-en
- resource tags: arch:x64, arch:x86, image:win11-20240730-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 02/08/2024, 15:09
General
- Target: craftrise-x64.exe
- Size: 15.2MB
- MD5: 3982ed9cde49aa9f32f50204c5f22c80
- SHA1: c9097e710fa660598b0ad93a2ec8f6b2e5ed077d
- SHA256: 285f0acb1aa2cc58e7a509df3234ae8fb950d6942b1782050f4a62b405446cf1
- SHA512: 70547254fd7619d97e6cff8b331fddcccb9eca45e0b3ba04158a8925864e26efe0bc10a282bdfb8dad21b65288c785b1b3c003e3dc2fc4a7299293d46f99dfe2
- SSDEEP: 393216:T454ItsLe/L+RNYzj8bahTFYxTTxSL8XW5YNNCbimY:To4csLeDkNYnWEYxfzXW5VY
Malware Config
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
  Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: craftrise-x64.exe)
- Checks BIOS information in registry (2 TTPs, 2 IoCs)
  BIOS information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: craftrise-x64.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: craftrise-x64.exe)
- Memory matches the "themida" yara rule (6 memory dumps of the region 0x0000000140000000-0x0000000142502000 in PID 4444)
  resource: behavioral1/memory/4444-0-0x0000000140000000-0x0000000142502000-memory.dmp (rule: themida)
  resource: behavioral1/memory/4444-1-0x0000000140000000-0x0000000142502000-memory.dmp (rule: themida)
  resource: behavioral1/memory/4444-3-0x0000000140000000-0x0000000142502000-memory.dmp (rule: themida)
  resource: behavioral1/memory/4444-4-0x0000000140000000-0x0000000142502000-memory.dmp (rule: themida)
  resource: behavioral1/memory/4444-5-0x0000000140000000-0x0000000142502000-memory.dmp (rule: themida)
  resource: behavioral1/memory/4444-7-0x0000000140000000-0x0000000142502000-memory.dmp (rule: themida)
- Checks whether UAC is enabled
  Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (process: craftrise-x64.exe)
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  PID 4444, process: craftrise-x64.exe
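The three registry reads above (the ACPI DSDT table name, the two BIOS version strings, and EnableLUA) are the classic VM/sandbox fingerprint set: on VirtualBox the DSDT is registered under HARDWARE\ACPI\DSDT\VBOX__ and the BIOS version strings carry the vendor name. The script below is an added example, not part of the Triage report or of the sample, that reproduces the same reads on the analysis host so you can see exactly what the sample would have seen and verify whether your sandbox has scrubbed these artifacts. Only the VBOX__ key and the queried value names come from the report; the list of other hypervisor marker strings and the way findings are summarised are this example's own assumptions. The report does not say how the sample used EnableLUA, so the script only prints it.

```powershell
# Added example: replay the registry checks recorded in the report on the current host.
# Run in an elevated or standard PowerShell session on the sandbox VM under test.

# Hypervisor markers. 'VBOX' is the only one the report shows (DSDT\VBOX__); the others
# are assumptions added to make the check useful on non-VirtualBox sandboxes.
$markers = @('VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN', 'HYPER-V', 'VIRTUAL')

$findings = @()

# 1. ACPI DSDT: VirtualBox registers its DSDT under HKLM\HARDWARE\ACPI\DSDT\VBOX__.
#    Enumerate the subkeys rather than testing one fixed name so other vendors show up too.
$dsdt = 'HKLM:\HARDWARE\ACPI\DSDT'
if (Test-Path $dsdt) {
    foreach ($sub in Get-ChildItem -Path $dsdt) {
        $oemId = $sub.PSChildName.ToUpper()
        foreach ($m in $markers) {
            if ($oemId.Contains($m)) {
                $findings += "ACPI DSDT subkey '$($sub.PSChildName)' matches '$m'"
            }
        }
    }
}

# 2. BIOS strings: SystemBiosVersion and VideoBiosVersion are REG_MULTI_SZ values under
#    HKLM\HARDWARE\DESCRIPTION\System; the sample queried both.
$sysKey = 'HKLM:\HARDWARE\DESCRIPTION\System'
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion') {
    $val = (Get-ItemProperty -Path $sysKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $val) { continue }
    $joined = ($val -join ' ').ToUpper()
    foreach ($m in $markers) {
        if ($joined.Contains($m)) {
            $findings += "$name contains '$m': $($val -join ' | ')"
        }
    }
}

# 3. UAC: EnableLUA (1 = UAC on, 0 = off) under Policies\System. Reported only; the
#    report does not show what the sample did with the value.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $polKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($null -eq $lua) { Write-Host 'EnableLUA = <missing>' } else { Write-Host "EnableLUA = $lua" }

if ($findings.Count -eq 0) {
    Write-Host 'No hypervisor markers in the keys the sample read.'
} else {
    Write-Host 'Hypervisor markers visible to the sample:'
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

If any finding is printed, a sample using these checks can tell it is in a VM; the usual hardening is to rename the DSDT/FADT/RSDT table OEM ids and patch the BIOS strings in the hypervisor configuration rather than in the guest registry, since the registry values are regenerated from firmware at boot.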
Processes
- C:\Users\Admin\AppData\Local\Temp\craftrise-x64.exe (PID 4444)
  command line: "C:\Users\Admin\AppData\Local\Temp\craftrise-x64.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger