Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

release/ma...at.exe

windows7-x64

9

release/ma...at.exe

windows10-2004-x64

9

release/ma...er.exe

windows7-x64

9

release/ma...er.exe

windows10-2004-x64

9

release/map/Map.exe

windows7-x64

8

release/map/Map.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    release7-31-24.rar

  • Size

    8.3MB

  • Sample

    240802-srsr3atgqg

  • MD5

    cb9271d216c9fe385a46819f36342422

  • SHA1

    75846b856517b43bfa3b6da47f129d8a671cdd55

  • SHA256

    6a2c64b6a8886226d84ecc3927f13a698036d8530f4e6fcb0920c52f3ef90e11

  • SHA512

    e53f677320656bf21badaf253949394db6a13b1af4670c66f38ff28f8ff939b5eca08c6b805389952f877f4b455ccbcddb34422bac332dde26f291d14224ed6c

  • SSDEEP

    196608:3oyHsUibNIJdT9ZNTlwtpR17HexAvGUFi0gpuKLoqizxw1wQ:3oyHlibNQdTjepR17HOA+UA0gxLonzu

Score
9/10
defense_evasionevasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      release/main/cheat.exe

    • Size

      4.1MB

    • MD5

      ad553ae8b257510efb0667e1a22d93c0

    • SHA1

      27b15cecc2e5fa44a03ef141c4c8dba9ca0fd799

    • SHA256

      9f6f6517b4a0d0166b9d34ecb0ef212aea6d910a115ed64263d12139e6253a2d

    • SHA512

      1b930b8b0b5ac4a59d281aed1d919e948f5f8d9455c5e213ff1bdfb761809578b916ea63de0c3815e0f8be40dc16416fd69ffae22a3fa22b1dadf3b55c5a98b0

    • SSDEEP

      98304:xnMWX+ipyg5lOQ/i6jHwqbhYtGhDxoIBN5ihprcE5Aq2lSvcNG9VDyD:xnMu9p8Q/ia3PhDxribQvq2EcNGjDk

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      release/main/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

    • Target

      release/map/Map.exe

    • Size

      416KB

    • MD5

      36c50332466b6e921edb79ea4b240278

    • SHA1

      5b858fb375235e7638b7cef22ca972d27ce9cacc

    • SHA256

      0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042

    • SHA512

      fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41

    • SSDEEP

      12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf

    Score
    8/10
    persistencedefense_evasion

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

      defense_evasion

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks