3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

3c25d45a33...59.exe

windows7-x64

9

3c25d45a33...59.exe

windows10-2004-x64

9

Sharing

General

Target

3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559
Size

5.2MB
Sample

250328-mcw82svtbt
MD5

228c840e73206cf6e00666c83bc0dda1
SHA1

d2738e67e98c07e9ae43015364f74f0f68f40316
SHA256

3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559
SHA512

280f4849abd2a1d2348a05d9d2131d576a668b7d63638cabab69d26783a54a29b4937e3e9d76e40c6720e383737f969fb1cae71107766b1f7913535e121bbae1
SSDEEP

98304:WF4C6Z+1AWh44x0fIsRy+9SGX3XYuZIEmFWLIAUchvIDHeU7kTTpLz:w641e4xkK+9hnXNnjAiU7STpLz

Score

9^/10

defense_evasion discovery themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe

Resource

win7-20240903-en

defense_evasion discovery themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe

Resource

win10v2004-20250314-en

defense_evasion discovery themida trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559
- Size
  
  5.2MB
- MD5
  
  228c840e73206cf6e00666c83bc0dda1
- SHA1
  
  d2738e67e98c07e9ae43015364f74f0f68f40316
- SHA256
  
  3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559
- SHA512
  
  280f4849abd2a1d2348a05d9d2131d576a668b7d63638cabab69d26783a54a29b4937e3e9d76e40c6720e383737f969fb1cae71107766b1f7913535e121bbae1
- SSDEEP
  
  98304:WF4C6Z+1AWh44x0fIsRy+9SGX3XYuZIEmFWLIAUchvIDHeU7kTTpLz:w641e4xkK+9hnXNnjAiU7STpLz
Score

9^/10

defense_evasion discovery themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverythemidatrojan

behavioral2

defense_evasiondiscoverythemidatrojan

© 2018-2025

Terms | Privacy