e7c4c017ba35baffc7bc8c87cf2f10c56e3de7814bbce6765076610f240ff3c3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

Client.rar

windows10-2004-x64

9

Sharing

General

Target

Client.rar
Size

18.8MB
Sample

250328-mrwaasvvcx
MD5

1cb600d10874616fee321a515d5d3092
SHA1

7a8f80f6cc9a6aeb4193bcd6185d4cbe2d215055
SHA256

e7c4c017ba35baffc7bc8c87cf2f10c56e3de7814bbce6765076610f240ff3c3
SHA512

bf4af8402fe0c71aa937295fa654cbdc2eddbb120a2f9fd0519cf840c245345fc02854076800b3ee1a32f6d607752882bead36f5ffe6a97b3f6bb27207e6b327
SSDEEP

393216:FQaFwoUioGpOt8PahAMjCjt0xw/277cWVSD3kZx77zK:Fz0i/YttDVxwuv1YTytzK

Score

9^/10

defense_evasion discovery

Static task

static1

Behavioral task

behavioral1

Sample

Client.rar

Resource

win10v2004-20250313-en

defense_evasion discovery

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  Client.rar
- Size
  
  18.8MB
- MD5
  
  1cb600d10874616fee321a515d5d3092
- SHA1
  
  7a8f80f6cc9a6aeb4193bcd6185d4cbe2d215055
- SHA256
  
  e7c4c017ba35baffc7bc8c87cf2f10c56e3de7814bbce6765076610f240ff3c3
- SHA512
  
  bf4af8402fe0c71aa937295fa654cbdc2eddbb120a2f9fd0519cf840c245345fc02854076800b3ee1a32f6d607752882bead36f5ffe6a97b3f6bb27207e6b327
- SSDEEP
  
  393216:FQaFwoUioGpOt8PahAMjCjt0xw/277cWVSD3kZx77zK:Fz0i/YttDVxwuv1YTytzK
Score

9^/10

defense_evasion discovery
- Enumerates VirtualBox registry keys
  defense_evasion
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Looks for VMWare Tools registry key
  defense_evasion
- Looks for VMWare services registry key.
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy