e7e414c253f9ddc4543de1d5ffe6d307f362f49a23e7cadff325856b2b623f8e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

Gamesense.exe

windows7-x64

9

Gamesense.exe

windows10-2004-x64

9

Sharing

General

Target

Gamesense.exe
Size

18.5MB
Sample

240825-ges2hsyhnk
MD5

044e3f45a72c31c3b220a60cfb026694
SHA1

57cc38d9b6155a184fe679e96e6abb6b1e5afcec
SHA256

e7e414c253f9ddc4543de1d5ffe6d307f362f49a23e7cadff325856b2b623f8e
SHA512

8ca84cad8b70d07e1efed057930168f3638004b22db56b69db7840a74da27f3dd97cc9a2a28914f68a52527b52d8a31a3277ab30b2e7a5a3b0700dfcfee0c173
SSDEEP

393216:USLpLFG0zW0zkV8GP870Qj3+thpvLpTWwim72/kpW8wxUm:USLBz1ABUj3+vpvLpTLim7KiQl

Score

9^/10

bootkit evasion persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Gamesense.exe

Resource

win7-20240705-en

bootkit evasion persistence themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Gamesense.exe

Resource

win10v2004-20240802-en

bootkit evasion persistence themida trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Gamesense.exe
- Size
  
  18.5MB
- MD5
  
  044e3f45a72c31c3b220a60cfb026694
- SHA1
  
  57cc38d9b6155a184fe679e96e6abb6b1e5afcec
- SHA256
  
  e7e414c253f9ddc4543de1d5ffe6d307f362f49a23e7cadff325856b2b623f8e
- SHA512
  
  8ca84cad8b70d07e1efed057930168f3638004b22db56b69db7840a74da27f3dd97cc9a2a28914f68a52527b52d8a31a3277ab30b2e7a5a3b0700dfcfee0c173
- SSDEEP
  
  393216:USLpLFG0zW0zkV8GP870Qj3+thpvLpTWwim72/kpW8wxUm:USLBz1ABUj3+vpvLpTLim7KiQl
Score

9^/10

bootkit evasion persistence themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencethemidatrojan

behavioral2

bootkitevasionpersistencethemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.