General
- Target: file.exe
- Size: 147KB
- Sample: 221127-ym4lnaea92
- MD5: 47ce9ed9195c4e612073ae5e1672e5b4
- SHA1: 59ce202ca406b8231beb7e21d93ef273723a66e0
- SHA256: 365774579036398a227dd43ab69bfb57221aa97700cd37e0bc7bd764420db839
- SHA512: 785bb50a883500b0dcbd11e59b6bcafa30a737c50b7dccc3502a29f4fb107fab98d954b51e123112b9692e4f8d9d300f5f81c1275389b9223acb22f149018e16
- SSDEEP: 3072:K+LFVOQgneprGk53rCVioI4owCnK1lDGD4x+99:LFVonkr/rgioI4owCn+IDD
Static task
- static1

Behavioral task
- behavioral1: Sample file.exe, Resource win7-20221111-en

Behavioral task
- behavioral2: Sample file.exe, Resource win10v2004-20220901-en
Malware Config
- Extracted family: tofsee
- C2 domains: svartalfheim.top, jotunheim.name
Targets
- Target: file.exe
Signatures
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext