Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
100s -
max time network
102s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
01/01/2025, 03:31
Static task
static1
Behavioral task
behavioral1
Sample
syphra (5).zip
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
ArcadiaLauncher.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral3
Sample
ArcadiaModule.dll
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral4
Sample
Syphra.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral5
Sample
updates.txt
Resource
win10ltsc2021-20241023-en
General
-
Target
Syphra.exe
-
Size
1.6MB
-
MD5
46630830806724602b9dd8111c6f1d98
-
SHA1
5324edf8bf5b7c94cac2d869d31641b7557b6701
-
SHA256
cd45f87c82da868ecd184676d9bf1e8b4cbb5216052920e34ebb04d0591db35b
-
SHA512
e8b73474dada6167d5428a872031c566131d0a1187be846a455644decd442e610ea10e19b7484395b4791006c9c64988e7ab5cf0e8c0b01d69509c64b9c4b462
-
SSDEEP
24576:iN1wFnsg060BRUROR+rC7Yg3kzSAnhkqjVnlqud+/2P+A/t2bQUv2gVbAdf:AwFnqoukzlhkqXfd+/9A/M8PgU
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 11 raw.githubusercontent.com 12 raw.githubusercontent.com 13 raw.githubusercontent.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2964 Syphra.exe