General

  • Target

    45.76.36.1322.zip

  • Size

    5.1MB

  • Sample

    250321-jxc45avwgs

  • MD5

    ffb2c9f84f4f87da08a37274772e83e8

  • SHA1

    ad2775463db1fddd6aaa0855c2329452bc81f360

  • SHA256

    9197c2396decf8ef116ed4027a6760294fb46be2ec3958915407a3846a3be9ce

  • SHA512

    2468ae575c078e8025a7523179aa94ba9fee17b77e2f3eda6b301f51ec720eff48ae290e3517ae0925efe8d4ee9f670468894385581fc4479397bf2a625e2f03

  • SSDEEP

    98304:IdquOS2c8SSB1RiK6NZ0GDT/5wsgerXQoRBpby1iFeD8aPY7lfTN:gOSFgRiKKZ0GDNqeUo3CiMD8FJfB

Malware Config

Targets

    • Target

      45.76.36.132 2/AudioCapture.dll

    • Size

      78KB

    • MD5

      3c938a823a7b6e0df611d24c9ddec17d

    • SHA1

      437cfc22a203f5a5cfbb0f9278a5fbb5b7d72774

    • SHA256

      95030f2bffa51b56b5fd2db6ecf7cff25c3f418a051483d55a0b9d389d8603c6

    • SHA512

      8a3bceacf0f79ebdc6d8521fbc22d722d6437b2104877cbd03849c6db0368d1f242caf5f1c80ae7e4127001160cfc1c7fad3cfc27f9f6b7e9f76f1e88d4727f4

    • SSDEEP

      1536:K6Y+3bZm8/vLk957pyPkD/efRFFbkMW+dciDse/Xa5ee/Jei1:K6Y+rQ8/Tk9RpA5FFbkV+dcbV5eXY

    Score
    3/10
    • Target

      45.76.36.132 2/PCICHEK.DLL

    • Size

      29KB

    • MD5

      4f352c563d5ae492ae64ad9b33dcebdb

    • SHA1

      b984fa42519d0ae0f0868c7182849a8712a87b2e

    • SHA256

      b78f7f4ab1b20e24d7938a2908bc221457426421acd4ec00dc10eb1e1173314c

    • SHA512

      e5a9eae787583257d455d9340c59b91590c7b31479899e08d2fd215a06a49a78f7260348fe5834331a645fab0080925f1b3cfc0ef98cac97119e112ae3f634a9

    • SSDEEP

      384:Jawhy2mNmnRrpl/uo6ki2Z8ZpH3GCJEd3zi/awUxm2owve7/uo6ki2B3zi/awve+:852mGUr2ZiRBEde/LJyr2pe/F5EFiRUS

    Score
    3/10
    • Target

      45.76.36.132 2/PCICL32.DLL

    • Size

      4.3MB

    • MD5

      f0cefd9e7f166e50837e349c356d61ba

    • SHA1

      cf5c663dba2aaef05fd3fc811c103167facd3839

    • SHA256

      d6420a50055423e9b474baa399bed1c8a087029a1b50519cd2beef114d99ab73

    • SHA512

      e57c93b2962211e9ef1428e7e3f4363591b5a48df0ee8fa758d2cf8e8f7e26c4180cca67f23186896ccdb1427b527009df5a1b29d762f4c47afc69fce91ebacc

    • SSDEEP

      98304:9s0Y+NH6TDo8R5SMC0m9UHl07lNCqU1FzhVS+oIQ:1LNHCDo8RAMCk0/cFlNQ

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      45.76.36.132 2/TCCTL32.DLL

    • Size

      456KB

    • MD5

      98e5ef0b012f768e634deddc312d2dc6

    • SHA1

      9012c62bd83e2408ded5c13d7195a150e351edf8

    • SHA256

      85fdfb1789fd0fb40e1808b3f6330bea36bd13ada36e003707c0b0cd4548f15b

    • SHA512

      a90e0031b2d359531897f201ef47b5462b7f0389b441135f1a95586ff0d35d820a7ed9efbfe2b585efe615cdb07584c22d34b3ec5bb86bd12d7d842e838066c4

    • SSDEEP

      12288:nmHGS4LKhpvoD60xxBDBdzmpY18wLENMCjSciME0fq:nmHLijmISMGSc1U

    Score
    3/10
    • Target

      45.76.36.132 2/client32.exe

    • Size

      117KB

    • MD5

      59d408d3b3b70cbd6e835a21411a3542

    • SHA1

      ec1f673fc5d6721194b72b22ecc6ef093e156158

    • SHA256

      3fb7c55afeb74a8359bc9ccd964a42c94cc5b1dca0c27a8edb6c9362339529eb

    • SHA512

      eab8a3fff961ee524e4cae5a651ad059936cbe74bd8932820018edc6e421b29f801b5684ec1993ecf2f57852fa7c76002b04f8aed182cee2f2b24b64590a8875

    • SSDEEP

      768:DUXVZl6FhWr80/64r2pe/LpmHDHf/ckcSr2pe/kIaHDHf/cke:DUD0hGiYee/YjHJee/k9jHa

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

    • Netsupport family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      45.76.36.132 2/htctl32.dll

    • Size

      316KB

    • MD5

      051cdb6ac8e168d178e35489b6da4c74

    • SHA1

      38c171457d160f8a6f26baa668f5c302f6c29cd1

    • SHA256

      6562585009f15155eea9a489e474cebc4dd2a01a26d846fdd1b93fdc24b0c269

    • SHA512

      602ab9999f7164a2d1704f712d8a622d69148eefe9a380c30bc8b310eadedf846ce6ae7940317437d5da59404d141dc2d1e0c3f954ca4ac7ae3497e56fcb4e36

    • SSDEEP

      6144:WyspIr8g8imeKk9Fv8TamdF3xuHGAimnx30aaY5nFJl8NjzGrn0J/d3M1OGg:WyspIr8g8i191uzdwHGAimd0bY5FJl85

    Score
    3/10
    • Target

      45.76.36.132 2/msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    • Target

      45.76.36.132 2/office.lnk

    • Size

      1KB

    • MD5

      b645868482618c15ed333b39a72ac60e

    • SHA1

      f2bf858e0014bc0e1a29ae531cba87f0e5895c5a

    • SHA256

      e66e9df50f40aa73dc847f6afdf9852000782841df6b808a75e090e9787604dd

    • SHA512

      24ad17f2f9165070f04a9979a804eeac6eb47c10b4f2d79bac4f8f245aee50abea5d3331098119fe1ed10640194d631cbd55cc8f97a55573cbe2c2052fd5fd62

    Score
    3/10
    • Target

      45.76.36.132 2/pcicapi.DLL

    • Size

      46KB

    • MD5

      7014874bcd0043e105761fa7fa20d75c

    • SHA1

      f143bcba8d9c4627ec33792f0ef7be34300b09cf

    • SHA256

      85d64ddc9ac6c4ae9defb22a2b1255c27bda15eab56aae12c74989f93a75c967

    • SHA512

      c0513952d71f143c2dc015d251d690fe5ce9ec9c191849ccc41a835b0d89fec496192e792b147bc6d94947634155819faf523d7b0a9d3176ec68fe228246b729

    • SSDEEP

      768:3ZY6oYe0Mb6mFLce2iDOG9iwn+vZr2ZiRBEde/zSr2pe/DEFiRmkv:3ZY6nDmGe2iDOcIFciDse/zCee/Dei1

    Score
    3/10
    • Target

      45.76.36.132 2/remcmdstub.exe

    • Size

      75KB

    • MD5

      9b7840a598692f7fca951b63b47c0bdc

    • SHA1

      94355550dd1de0c2e3a6fea2366cfb38e345a7cf

    • SHA256

      f839e10756f05ac065a52b5add7b6f6243cb0255c7bbfcb8a3af8a67f6cb6eaf

    • SHA512

      9f41ba5cbedb8da3d850e195a09fd93e8fac8dbe0c4d7a0c1a52de0e3d9d197fdb743cf2c6456b20766a084c6338343bb8bfad46ceb70085705b30311e85b781

    • SSDEEP

      1536:kfafvTuNOwphKuyUHTqYXHhrXH41LIyzgopee/FjHtee/ejHxl:OafLSpAFUzt01LIyzjeAjNeHjRl

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

themida
Score
7/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

defense_evasion discovery themida trojan
Score
9/10

behavioral6

defense_evasion discovery themida trojan
Score
9/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

netsupport defense_evasion discovery rat themida trojan
Score
10/10

behavioral10

netsupport defense_evasion discovery rat themida trojan
Score
10/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10