General

  • Target

    916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2

  • Size

    928KB

  • Sample

    210515-7wmlksxqv6

  • MD5

    103a334028ffd116e5cd828b98e3c323

  • SHA1

    2f8c2a3f3f57b2d9a81dae0c20322097c372f081

  • SHA256

    916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2

  • SHA512

    f761ccc408a1e78289499bf253dad5d6a36ab3f6672c2b29941b58aa84c32f97e8f974d90a83cbda57fa122295f277e7e85b1eb00a7c61f58dbd1b2c6e2abc3d

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • FakeAV payload

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks