Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b0e9d98bed7f4f8aac340222599bbb526a55e38ddd3f5ed4b7947c9be5fd4037

  • Size

    1.3MB

  • Sample

    221102-s28ahahhg7

  • MD5

    56d52e51566e7807801c5bdfae7f064b

  • SHA1

    3d897f8b78f03d472e4a04a4e56c9f37492c812d

  • SHA256

    b0e9d98bed7f4f8aac340222599bbb526a55e38ddd3f5ed4b7947c9be5fd4037

  • SHA512

    a9ac32eb0b303a59fe6814869238e55d01f178a9094b356f7765801a6b0cdab13ee8db5aefbbe1990ac62a008c8d6a362328f0e9e337720d4eb463cf22991746

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Malware Config

Targets

    • Target

      b0e9d98bed7f4f8aac340222599bbb526a55e38ddd3f5ed4b7947c9be5fd4037

    • Size

      1.3MB

    • MD5

      56d52e51566e7807801c5bdfae7f064b

    • SHA1

      3d897f8b78f03d472e4a04a4e56c9f37492c812d

    • SHA256

      b0e9d98bed7f4f8aac340222599bbb526a55e38ddd3f5ed4b7947c9be5fd4037

    • SHA512

      a9ac32eb0b303a59fe6814869238e55d01f178a9094b356f7765801a6b0cdab13ee8db5aefbbe1990ac62a008c8d6a362328f0e9e337720d4eb463cf22991746

    • SSDEEP

      24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks