Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
260KB
-
Sample
221029-bqnnaaehf2
-
MD5
0977d24926bb7054965077aa47ae6eb9
-
SHA1
2b257a3bd6e16788458ee4223ec8d0ebc3a8eea3
-
SHA256
07699f780ad559ab0a8410f80033750202604736840d7880a11b37253dec5977
-
SHA512
3fca1acce75d60239fa0373ac5608221294571c44e10fbe7cc92b7d9e01af4cd8e1a8e94fcb654c795a6c8b64aebb85535527b8f092f922b9385ec4e6f64ad7d
-
SSDEEP
3072:/PiD0BaXzLdQlU/z5d3mt3pVaDhFVIVQC0ODopk3jf80Cxet1nsM/h3:g0BUzLqlFpVaDnVO0Ookz2x0ns
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
file.exe
-
Size
260KB
-
MD5
0977d24926bb7054965077aa47ae6eb9
-
SHA1
2b257a3bd6e16788458ee4223ec8d0ebc3a8eea3
-
SHA256
07699f780ad559ab0a8410f80033750202604736840d7880a11b37253dec5977
-
SHA512
3fca1acce75d60239fa0373ac5608221294571c44e10fbe7cc92b7d9e01af4cd8e1a8e94fcb654c795a6c8b64aebb85535527b8f092f922b9385ec4e6f64ad7d
-
SSDEEP
3072:/PiD0BaXzLdQlU/z5d3mt3pVaDhFVIVQC0ODopk3jf80Cxet1nsM/h3:g0BUzLqlFpVaDnVO0Ookz2x0ns
-
XMRig Miner payload
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-