2ccc312eea80e6b3c6e55a6ffdd27685a993389f1de973b20e2612e01a15432b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

b8e3d7db3efaabe3.mp3

windows11-21h2-x64

9

Sharing

General

Target

b8e3d7db3efaabe3.mp3
Size

997KB
Sample

240807-by9kqaxbmk
MD5

4d83f388a1d3a0ff2ad5a66903a6b574
SHA1

8fa598526e7dd0f09ee8366f1a97ba6ca396fc38
SHA256

2ccc312eea80e6b3c6e55a6ffdd27685a993389f1de973b20e2612e01a15432b
SHA512

1765ec75f25651be1dbcc3002afb5f2373c5ad219858ff1657c101b590f5f77ea7c45bb2a24130ed5e6ddf9f1b19ea7c6778a16e5d320a1152284cf73128e4c8
SSDEEP

24576:pQr4vAZJuKawUEyxGqOYOuHz+sYlqx1XNn3xgqt+qC9:WrCqfUbxbfytQx1XF3NG

Score

9^/10

defense_evasion discovery evasion themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

b8e3d7db3efaabe3.mp3

Resource

win11-20240802-en

defense_evasion discovery evasion themida trojan

windows11-21h2-x64

33 signatures

300 seconds

Malware Config

Targets

- Target
  
  b8e3d7db3efaabe3.mp3
- Size
  
  997KB
- MD5
  
  4d83f388a1d3a0ff2ad5a66903a6b574
- SHA1
  
  8fa598526e7dd0f09ee8366f1a97ba6ca396fc38
- SHA256
  
  2ccc312eea80e6b3c6e55a6ffdd27685a993389f1de973b20e2612e01a15432b
- SHA512
  
  1765ec75f25651be1dbcc3002afb5f2373c5ad219858ff1657c101b590f5f77ea7c45bb2a24130ed5e6ddf9f1b19ea7c6778a16e5d320a1152284cf73128e4c8
- SSDEEP
  
  24576:pQr4vAZJuKawUEyxGqOYOuHz+sYlqx1XNn3xgqt+qC9:WrCqfUbxbfytQx1XF3NG
Score

9^/10

defense_evasion discovery evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy