e4ba2c8e5ede2d6bbc3a9009a4c588ebbe8a1381cc2e3286ae36a1a87eb3241b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

Magic.exe

windows11-21h2-x64

9

Sharing

General

Target

Magic.exe
Size

5.4MB
Sample

240821-ctwzhazakn
MD5

632261a647d176fab4179afca83a6751
SHA1

22d032ffa9a12737c78437582e833beb644230e1
SHA256

e4ba2c8e5ede2d6bbc3a9009a4c588ebbe8a1381cc2e3286ae36a1a87eb3241b
SHA512

6e50432682a6fe3b9e5039ccc0776193f464bd1605974f946431b477d2dad9a267019df38d65a7cd5282f4933c0fb76dad6b33923b08ca76d28d3e8925f84f87
SSDEEP

98304:azz8zUAYRMhX8yJwO+H5S1//wvZWMoniz3SM0fcEQkouKMRXjDNUBT0D8l:c8zUAKMJlJT+H0VovT34cEgMJDkTo2

Score

9^/10

evasion execution themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Magic.exe

Resource

win11-20240802-en

evasion execution themida trojan

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Magic.exe
- Size
  
  5.4MB
- MD5
  
  632261a647d176fab4179afca83a6751
- SHA1
  
  22d032ffa9a12737c78437582e833beb644230e1
- SHA256
  
  e4ba2c8e5ede2d6bbc3a9009a4c588ebbe8a1381cc2e3286ae36a1a87eb3241b
- SHA512
  
  6e50432682a6fe3b9e5039ccc0776193f464bd1605974f946431b477d2dad9a267019df38d65a7cd5282f4933c0fb76dad6b33923b08ca76d28d3e8925f84f87
- SSDEEP
  
  98304:azz8zUAYRMhX8yJwO+H5S1//wvZWMoniz3SM0fcEQkouKMRXjDNUBT0D8l:c8zUAKMJlJT+H0VovT34cEgMJDkTo2
Score

9^/10

evasion execution themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Stops running service(s)
  evasion execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionthemidatrojan

© 2018-2025

Terms | Privacy