Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a

  • Size

    1.3MB

  • Sample

    221101-25hcxsfge3

  • MD5

    bb1475c169fa9d4583d71c9f5feee016

  • SHA1

    7e2028c83fa1c4f13a4523f04fe9c7b17d5ebdfc

  • SHA256

    1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a

  • SHA512

    f64ce56cf7e13b94e6440e07b9c8bbeacaf1494a6fd87023fe087f17adddcb6402b47d38cb40bfd48aa6f901b20a79a601049f4f9f73dfe57c9fe4b3d8ed7357

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a

    • Size

      1.3MB

    • MD5

      bb1475c169fa9d4583d71c9f5feee016

    • SHA1

      7e2028c83fa1c4f13a4523f04fe9c7b17d5ebdfc

    • SHA256

      1d9c237d76119a4144662a75eeef546e784cff151ae35f2a344859099221ef8a

    • SHA512

      f64ce56cf7e13b94e6440e07b9c8bbeacaf1494a6fd87023fe087f17adddcb6402b47d38cb40bfd48aa6f901b20a79a601049f4f9f73dfe57c9fe4b3d8ed7357

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks