General

  • Target

    Cryptic Ware Perm.exe

  • Size

    4.4MB

  • Sample

    250322-a3sx4ayjs4

  • MD5

    609bd04323c87ac5b9ef563bb517508d

  • SHA1

    4bd292594f7e3867a3ae62f19b8a5728fb541aad

  • SHA256

    f62d4ee2fb48f64e69bfbc3c2a467245da06b67feafe3fec54e4e80f5b32b350

  • SHA512

    1e49def2e8c824a5bb9de3df1dec5a08a4a00cc988f3120d526e7ebfa261c937839b4318b7c3e8abba254946fd349531771d3d1c27295c3f9be97444e82a8e59

  • SSDEEP

    98304:VbQ0IUsAcJNoQNUxyses8FmyqU2Yv35Dl6duhUt:VV+J2SUTmqUX9lHit

Targets

    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    • Cerber family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
