d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

d4ad926162...32.exe

windows7-x64

9

d4ad926162...32.exe

windows10-2004-x64

9

Sharing

General

Target

d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32
Size

5.4MB
Sample

250328-mct4pawqt8
MD5

f899a504a5cbc01d4eaeabd90b251741
SHA1

1b5b25dd30a9d6fb17ff1091b0252106753ac647
SHA256

d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32
SHA512

e610fb50accbd8c9362dbc34375197fa978b075c6348c864f1ca61bca1099951ef1fc03dcb3d65466e520a16a3bad1c641bb3a39aee5b7074e819a942c76cee0
SSDEEP

98304:ZLDnX1/CBwI0ICu7Uo71ynWBeMtqfOfTlWXLVKCBgogChETTg77eNX:ZN2T0oAoxBe5fmTIXLs64KEkiNX

Score

9^/10

defense_evasion discovery themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32.exe

Resource

win7-20240903-en

defense_evasion discovery themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32.exe

Resource

win10v2004-20250314-en

defense_evasion discovery themida trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32
- Size
  
  5.4MB
- MD5
  
  f899a504a5cbc01d4eaeabd90b251741
- SHA1
  
  1b5b25dd30a9d6fb17ff1091b0252106753ac647
- SHA256
  
  d4ad926162305dfd11eb0df2ac7d13f435c68a60edb4b4c30a43f2c8e6b91f32
- SHA512
  
  e610fb50accbd8c9362dbc34375197fa978b075c6348c864f1ca61bca1099951ef1fc03dcb3d65466e520a16a3bad1c641bb3a39aee5b7074e819a942c76cee0
- SSDEEP
  
  98304:ZLDnX1/CBwI0ICu7Uo71ynWBeMtqfOfTlWXLVKCBgogChETTg77eNX:ZN2T0oAoxBe5fmTIXLs64KEkiNX
Score

9^/10

defense_evasion discovery themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverythemidatrojan

behavioral2

defense_evasiondiscoverythemidatrojan

© 2018-2025

Terms | Privacy