General

  • Target

    privtoolscringeasfnamecracked.zip

  • Size

    42.9MB

  • Sample

    240823-1rq78s1dmq

  • MD5

    59daa83e0f9a4ff754e7aeadb1356ce1

  • SHA1

    a95d200c49572dc766a975c6df411c32b3c009a5

  • SHA256

    48f7fbe3cb26ad15725dea3facde3fd49e0708c59e35a0752bf7dc39a84ea4ce

  • SHA512

    c2325aed9074addfc406b559d7d7f6b628f7092d9c4a732146d80eb3a648ef3c2af0e60e5ef5bdb437b9ba22c3deae60dc014b57eeb4d7ed204959a1b59062c0

  • SSDEEP

    786432:d/IOVz164uUCSBYhoiN3m6/4dl37+ErvnLOOtN+:VVcSp5Q3TWl3PrzW

Targets

    • Target

      crack.dll

    • Size

      2.3MB

    • MD5

      36e6e177248684cd8910b736b8a53bf8

    • SHA1

      c139c6dee245e18fea12c5b5c15d3b14580c718e

    • SHA256

      80f1508a454aca11f7012f47c497b25d848b6f803417f194eb8a340a35d98020

    • SHA512

      910a88307878cabf052a061887a82c6ac5382ffe87dd60a7576e90e8807f84fe73e6670db5ab0f27736cfb18338278babaae2e5d02bdd038c14c63ffc7ebe45a

    • SSDEEP

      49152:AB5FQmkom+KbxROsCZvYCYyhWefdmjLdGGf:Zom+Kb4vYCYyBfdmjLdGGf

    • Score

      1/10

    • Target

      loader.exe

    • Size

      5.3MB

    • MD5

      8106fe1bba482da9cf1436a1fac73230

    • SHA1

      2eea03f71155c437875d00a9c8de052689dcb824

    • SHA256

      c5e0a4e8bcb73aa7b6da814ac986d07836f87aa70af84620087eaa8ccb680ff7

    • SHA512

      a98e7452ecbf0a4493da4d471b719f5c2e88d0526a9b1a9ac7ed3eda1c131401184c425f3b858d588e2b75d5747e47671e7a4d2f04c8071d847f9721dc19bdad

    • SSDEEP

      98304:9QROUfH/3HV6K1eiTzW2H0P2U9HenTueByxs0oahbG6IfDMMllqg7:9QvfflRLUPBenTuMyxs0oejIfDMgln7

    • Score

      9/10

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      privatools.exe

    • Size

      37.9MB

    • MD5

      45f5f568b7ee52fa38c7683d7948ba4c

    • SHA1

      d9c0676464a89f002bf34d26547fa47df2bc9132

    • SHA256

      95c3197b3d1c6161cae995ad4580124d26d7025b809b99ac1c1180a103fa1ec0

    • SHA512

      ad1b04de3aa5354d06efd51e1006330a526b2aa4be9b335fea3a083e69a434a732b52a983633c3effb0c08484c78b58006da6cc0783a5591e9419621b8071d8f

    • SSDEEP

      786432:4WQtskXCcDlS9cQEWhhQCLL/JdCjUEzjLxi0xpQFu4QBWaFuJR8:rQtBXyOQJbF/+LzjLxi0PQw4QBz

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
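The anti-VM, BIOS, UAC and ThreadHideFromDebugger signatures listed for loader.exe and privatools.exe are all matched on a handful of registry paths and one thread-information class. The following is an added example, not Triage's own rule set or output: it runs those four checks over a constructed, simplified API-monitor trace (one "pid api argument" event per line, a format assumed for illustration). The VirtualBox ACPI keys under HKLM\HARDWARE\ACPI, the BIOS values under HKLM\HARDWARE\DESCRIPTION\System\BIOS, the EnableLUA value, and ThreadInformationClass 0x11 (ThreadHideFromDebugger) are the real artefacts these signatures refer to.

```python
"""Match registry/API events against the anti-analysis signatures named in the
report. Added example; the trace format and rule regexes are assumptions, not
the sandbox's own rules."""
import re
from collections import defaultdict

# Constructed trace for illustration, NOT output from the sandbox.
# Format assumed here: "<pid> <api> <argument>", one event per line.
TRACE = """\
1234 RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
1234 RegOpenKeyExW HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__
1234 RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
1234 RegQueryValueExW HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName
1234 RegQueryValueExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
1234 NtSetInformationThread ThreadInformationClass=0x11
5678 RegQueryValueExW HKCU\\Software\\Classes\\Local Settings\\MuiCache
"""

# Signature name -> (API regex, argument regex). The registry paths are the
# well-known VirtualBox ACPI table keys, the firmware description keys and the
# UAC policy value; 0x11 is THREADINFOCLASS ThreadHideFromDebugger.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": (
        r"^Reg(OpenKeyEx|QueryValueEx)[AW]$",
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ),
    "Checks BIOS information in registry": (
        r"^RegQueryValueEx[AW]$",
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\",
    ),
    "Checks whether UAC is enabled": (
        r"^RegQueryValueEx[AW]$",
        r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
    ),
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (
        r"^NtSetInformationThread$",
        r"^ThreadInformationClass=0x11$",
    ),
}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\S+)\s+(?P<arg>.*)$")


def parse_trace(text):
    """Parse the assumed trace format into (pid, api, argument) tuples,
    skipping lines that do not fit the format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m["pid"]), m["api"], m["arg"]))
    return events


def match_signatures(events):
    """Return {pid: sorted signature names} for every pid that triggers a
    rule. Registry paths are compared case-insensitively, as Windows does."""
    hits = defaultdict(set)
    for pid, api, arg in events:
        for name, (api_re, arg_re) in SIGNATURES.items():
            if re.match(api_re, api) and re.match(arg_re, arg, re.IGNORECASE):
                hits[pid].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


if __name__ == "__main__":
    for pid, names in match_signatures(parse_trace(TRACE)).items():
        print(f"pid {pid}:")
        for name in names:
            print(f"  - {name}")
```

Against the constructed trace, pid 1234 trips all four rules and pid 5678 (a benign MuiCache read) trips none. Because the sample is Themida-packed, a static scan for these strings will not find them; the reads only surface once the unpacked code runs, which is why they appear as behavioural signatures rather than as strings in the report.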
