Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

Mr4X5srRQR...AN.exe

windows7-x64

10

Mr4X5srRQR...AN.exe

windows10-2004-x64

10

OEmxRS9Uai...jI.exe

windows7-x64

10

OEmxRS9Uai...jI.exe

windows10-2004-x64

10

OvVYhhgvd6...oB.exe

windows7-x64

9

OvVYhhgvd6...oB.exe

windows10-2004-x64

9

QKvpJeDIaP...YY.exe

windows7-x64

9

QKvpJeDIaP...YY.exe

windows10-2004-x64

9

QxZsdXOO8X...jN.exe

windows7-x64

10

QxZsdXOO8X...jN.exe

windows10-2004-x64

10

QzUu4XgUxQ...C3.exe

windows7-x64

10

QzUu4XgUxQ...C3.exe

windows10-2004-x64

10

SHSPDO6BYD...j9.exe

windows7-x64

10

SHSPDO6BYD...j9.exe

windows10-2004-x64

10

SqCuVl85T1...Di.exe

windows7-x64

10

SqCuVl85T1...Di.exe

windows10-2004-x64

10

T8Ulrjj8F6..._x.exe

windows7-x64

10

T8Ulrjj8F6..._x.exe

windows10-2004-x64

10

Trj0QcTNVE...S9.exe

windows7-x64

10

Trj0QcTNVE...S9.exe

windows10-2004-x64

10

Uwc7l02Hzj...tU.exe

windows7-x64

Uwc7l02Hzj...tU.exe

windows10-2004-x64

1

VoTrXaqIJ3...LW.exe

windows7-x64

10

VoTrXaqIJ3...LW.exe

windows10-2004-x64

10

Wp77te7Dqj...Hr.exe

windows7-x64

9

Wp77te7Dqj...Hr.exe

windows10-2004-x64

9

XOCYAkm_Nn...Q3.exe

windows7-x64

10

XOCYAkm_Nn...Q3.exe

windows10-2004-x64

10

Xd_XnNqsZT...Ai.exe

windows7-x64

10

Xd_XnNqsZT...Ai.exe

windows10-2004-x64

10

Xr9ca9oQNQ...Z9.exe

windows7-x64

9

Xr9ca9oQNQ...Z9.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2024, 03:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QKvpJeDIaPtXDcwKwH_WmAYY.exe

  • Size

    2.4MB

  • MD5

    a7feb91676ca65d3da71c8ff8798e2ec

  • SHA1

    96b60cacea9e992ae9eef8e159d51e50bb0c7a79

  • SHA256

    844c20ca22a32cb2b23ff601dd070dfc800240bbcb2cbd825f3d3b325ad18a5f

  • SHA512

    d029d1e3746ae2c0dbf3351efbd744bdfef15fa9462de1cd35a4c5624d60365e5432e8ce7c49953b01df67f82525f35b79da371affc047e859ee61f60dbf9d75

  • SSDEEP

    49152:yzaIawrFIsU6+anPakV7/HFangWtl4UjhlXAl6RUbbzRMWv5pKJa2Xkut:yzzaOBU6++PrV7/lDmhxAl6UbbzRMWba

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\QKvpJeDIaPtXDcwKwH_WmAYY.exe
    "C:\Users\Admin\AppData\Local\Temp\QKvpJeDIaPtXDcwKwH_WmAYY.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    PID:2400

Network

    No results found
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    152 B
     3
  • 188.124.36.242:25802
    QKvpJeDIaPtXDcwKwH_WmAYY.exe
    52 B
     1
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2400-0-0x0000000000ED0000-0x000000000151E000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/2400-1-0x0000000076DA1000-0x0000000076DA2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-2-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-12-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-11-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-25-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-27-0x0000000000ED0000-0x000000000151E000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/2400-26-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-24-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-23-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-20-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-18-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-17-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-16-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-15-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-14-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-13-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-10-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-9-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-8-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-7-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-6-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-5-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-4-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-3-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-28-0x0000000000ED0000-0x000000000151E000-memory.dmp

    Filesize

    6.3MB

    Download

  • memory/2400-30-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2400-29-0x0000000076DA1000-0x0000000076DA2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2400-31-0x0000000076D90000-0x0000000076EA0000-memory.dmp

    Filesize

    1.1MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.