Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

release/ma...ex.exe

windows10-2004-x64

9

release/ma...er.exe

windows10-2004-x64

9

release/map/Map.exe

windows10-2004-x64

Resubmissions

23/08/2024, 00:34

240823-aw7gxawdjg 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    release8-16 (1).rar

  • Size

    8.1MB

  • Sample

    240823-aw7gxawdjg

  • MD5

    7b8a172974a32f9d1c093d1c35e8f1a1

  • SHA1

    9110827d5a5a39306ee26e3e8b763abf22ae555e

  • SHA256

    ecab58d9e2edf6539e3cca667a72cb0ced2567bf30073f9f216af4a872c5beaf

  • SHA512

    458f52e0cba4801acce10f062207939f7749365dcfad4a2473e96ccfd91213d0a91b15d07f40b5588e1ebacbbdd5852711dd81252772cc0b9c3232b174a32850

  • SSDEEP

    196608:DyPpgjLDA8M2X5et5MNhJNlixAvGUFi0gpuKLoqizxw1wK:Bj/A8MHHMDXAA+UA0gxLonzM

Score
9/10
defense_evasionevasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      release/main/celex.exe

    • Size

      3.9MB

    • MD5

      2ae7fb5557a3501e32e3528873d83100

    • SHA1

      86b632d455e6651d5e6d6293ed3c4b0613660976

    • SHA256

      16027e06f365940fcf8699655d34f22804361b4409cfa57dc97889bb8db8c306

    • SHA512

      f42ceafdf978cfc6bc2dd25fb72bf0b5963aa24146b33cf74bb68eff785c757f5237a37f44a0991487cc4250ad5fc97bfd7b0827eee444bab9cdb6c828e4238c

    • SSDEEP

      49152:CfpIS9hSoXZRIusMK8sJ6SaskwLPQgA0ddqKpDVvleDBMkZsdSsypzHDBaNOIsdh:iQcmaBqogAS9TleDOQsIrpFjNlwUz

    Score
    9/10
    evasionpersistencethemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      release/main/loader.exe

    • Size

      4.1MB

    • MD5

      9ecdc9ed1bea6c226f92d740d43400b9

    • SHA1

      b5b5066cd4284733d8c3f3d7de3ca6653091ae10

    • SHA256

      60c57f14c2e0e0df0bda16646b21dddceaee0159dafbbb8daba310d4e1b5be6c

    • SHA512

      30bc705a2438288e3647d5adfc6119d751823970972b9c6b39a60384a2b7ac261986026b8d1c0b0ca7ee3d7e95363c97b873fdc5fad4096c903cb4e15bf57e43

    • SSDEEP

      98304:vnUGAC+hqc8lqvdzw2nsNKYYURyc9JirsN4JzmUPj:PTn2qcUzp6UYeJRCxPj

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral2

    • Target

      release/map/Map.exe

    • Size

      416KB

    • MD5

      36c50332466b6e921edb79ea4b240278

    • SHA1

      5b858fb375235e7638b7cef22ca972d27ce9cacc

    • SHA256

      0a76f7d189b368598ee017d0094a6698ffff66d0f981f85769971170ca29e042

    • SHA512

      fbc23c9d21e9dd3fbb7eac87fcee7e9db52d6c6450402ec90a7ba43940029af00d4ab9db8f0e662f30d8f99a34326673f26051932e2ae7afcfb377d053f4cc41

    • SSDEEP

      12288:rbNG38Jf2mCsCTyTH8+vtQ7BWD24cVLxSf0:rbNG38Jf2mCsCTMc+laBH4cVLxSf

    Score
    8/10
    defense_evasionpersistence

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

      defense_evasion

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks