Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

setup.exe

windows10-ltsc 2021-x64

10

setup.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11/03/2025, 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    709.0MB

  • MD5

    cffa59bdc566b21e6f3b7bbd7d1b943a

  • SHA1

    7319cf3c26228d14c6fb4495519cef5df4cb05ac

  • SHA256

    99a35657f5582f935c761d1b5f6d9b9c859b017bca9178b06231f2b5ce0eeec6

  • SHA512

    48b0f52a6c707efa938ef8f983e6043946b4c748e1dcb7a9aa0f4668a3fda4015ab8691791421f24c53afb5cc384788465bca2168de62c398ce3244b78308a7a

  • SSDEEP

    98304:tw3DAfSsGlM8u5FJSGIfheKutJtjovjuY1uXoY7CQ:MySsGiHrKuJkL6x

Score
10/10
privateloaderdefense_evasionloaderthemidatrojan

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 1 IoCs
    defense_evasion
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • Privateloader family
    privateloader
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 8 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Modifies firewall policy service
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:4072
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:3696
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:1328

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4072-0-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-1-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-6-0x00007FFE00000000-0x00007FFE00002000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4072-7-0x00007FFE69CC7000-0x00007FFE69CC9000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4072-8-0x00007FFE69C20000-0x00007FFE69E29000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4072-10-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-12-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-11-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-9-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-20-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4072-21-0x00007FFE00000000-0x00007FFE00002000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4072-22-0x00007FFE69C20000-0x00007FFE69E29000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4072-24-0x00007FF788250000-0x00007FF788D23000-memory.dmp

        Filesize

        10.8MB

        Download