General
- Target: file.exe
- Size: 327KB
- Sample: 230110-aea3dagc42
- MD5: c620bc5dee44c490218d77b51a8da747
- SHA1: 947e939b56984aac0f15afe93e091f0bff74d5a1
- SHA256: 69e4bc4640c7e9cc9f00c3044c3ec548bbafd8034ee93f53308c935df8e7e651
- SHA512: 05f9d601f1035ceb160d0774ebdfb9485cf1e399985a4be95ac35f980d39564299448c8016232af5e1c32bf6c57f68820dd6294ebd84e38e6e01fb0ba5c08521
- SSDEEP: 6144:aIPlkzB13tpPtg4F4qIozg+7dBA0X+JY:aItA391tg4FCocIu
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted family: tofsee
C2 hosts:
- svartalfheim.top
- jotunheim.name
Targets
- Target: file.exe
- Size: 327KB
Signatures observed:
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext