Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    27b486faa94f48887797d5f2b75881387915bf551ea47febf47a3416c6b005b8

  • Size

    70KB

  • Sample

    220616-d5nb6sdaa5

  • MD5

    5ebf3a0c02c3304c54b491ea01413362

  • SHA1

    2246cd502b39a5f2b98ec664b495f29d0527fe7d

  • SHA256

    27b486faa94f48887797d5f2b75881387915bf551ea47febf47a3416c6b005b8

  • SHA512

    bb170fdfbd9a1fdaf6fcf3441459c21622731075e8a0f5df057b9abaeb907dc935ab3af9b4618e2d429790177f86601c71148cdddc245cfb93dc04aff78b1d7e

Malware Config

Targets

    • Target

      27b486faa94f48887797d5f2b75881387915bf551ea47febf47a3416c6b005b8

    • Size

      70KB

    • MD5

      5ebf3a0c02c3304c54b491ea01413362

    • SHA1

      2246cd502b39a5f2b98ec664b495f29d0527fe7d

    • SHA256

      27b486faa94f48887797d5f2b75881387915bf551ea47febf47a3416c6b005b8

    • SHA512

      bb170fdfbd9a1fdaf6fcf3441459c21622731075e8a0f5df057b9abaeb907dc935ab3af9b4618e2d429790177f86601c71148cdddc245cfb93dc04aff78b1d7e

    Score
    10/10
    • suricata: ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)

      suricata: ET MALWARE Dark Nexus IoT Variant User-Agent (Outbound)

    • Contacts a large (21716) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Enterprise v6

Tasks