Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5f3b4498eeea5ac29ac49638c2e9a85a9877ce24ee41de33bc266b4eb308891e

  • Size

    1.3MB

  • Sample

    221101-kza8zsaheq

  • MD5

    dec78fba70a50ca96495b0cfbe7bedce

  • SHA1

    2d679b686751a732dd73cf33ea1c29d8e4939784

  • SHA256

    5f3b4498eeea5ac29ac49638c2e9a85a9877ce24ee41de33bc266b4eb308891e

  • SHA512

    1a1f3b326d98509193f0a31a3ff33966a254c9b0c2013e96c469c899a2828f81958e6f08859b433c081132c60a2ea38a4e3d3c25f410ca8eba00dba17529e26c

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      5f3b4498eeea5ac29ac49638c2e9a85a9877ce24ee41de33bc266b4eb308891e

    • Size

      1.3MB

    • MD5

      dec78fba70a50ca96495b0cfbe7bedce

    • SHA1

      2d679b686751a732dd73cf33ea1c29d8e4939784

    • SHA256

      5f3b4498eeea5ac29ac49638c2e9a85a9877ce24ee41de33bc266b4eb308891e

    • SHA512

      1a1f3b326d98509193f0a31a3ff33966a254c9b0c2013e96c469c899a2828f81958e6f08859b433c081132c60a2ea38a4e3d3c25f410ca8eba00dba17529e26c

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks