General

Target: file.exe
Size: 328KB
Sample: 230110-efl89afc3y
MD5: 572ad96b85d4a1494c07b82ec6da8270
SHA1: eba8ab6dbb408d103c71702ef4c578fe0283cc26
SHA256: baa9b309139f49ebb0c7effd218f496a66bad7f90535452c28123f29f680687f
SHA512: fe89d310e9895cca6ce1334dd323380bd2419f4f26e80a378b60fb9b3c58c4891a40b83487cb7be0369c6b7ce2c929716e7c161ed75b7de0d1c54ed0a72f5806
SSDEEP: 3072:wX3mmPtmv31EAV5HTndH1CgaBr3cYsCi7Il+lD3nVLA7XL7EReBA0X8rFc4CqQJK:klmv+AfTyZrsVCujnV+7dBA0Xo27JY
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource (sandbox VM image): win7-20221111-en
Malware Config

Extracted family: tofsee
C2 domains:
- svartalfheim.top
- jotunheim.name
Targets

Target: file.exe, 328KB (hashes identical to the General section above)

Signatures (behavioral1):
- XMRig Miner payload
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Drops file in System32 directory
- Suspicious use of SetThreadContext (commonly seen in process hollowing / thread hijacking)
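The signatures above are each a rule over the sandbox's API trace, and most of them are stateless (one call is enough), while "Executes dropped EXE" needs correlation with an earlier file write. The following is an added example of how such a matcher can be written; it is not Hatching Triage's engine and the trace it runs on is constructed for illustration, not the calls recorded for this sample. The record layout (pid, image, api, args) and the registry paths used are assumptions of the example; the "XMRig Miner payload" hit is a static/memory signature and is out of scope here.

```python
"""Toy signature matcher for the behavioural signatures listed in the report.

Added example, not the sandbox's own engine. SAMPLE_TRACE is constructed for
illustration and is not the trace observed for the sample on this page.
"""
import re

# Normalised (lower-case) registry / filesystem prefixes the rules key on.
# Assumed here; real engines match on the resolved key handle, not a string.
SYSTEM32 = r"c:\windows\system32" + "\\"
SERVICES_KEY = r"hklm\system\currentcontrolset\services" + "\\"
GEO_KEY = r"hkcu\control panel\international\geo\nation"

# Constructed API-call records (NOT taken from the sample).
SELF = r"C:\Users\user\Desktop\file.exe"
DROP = r"C:\Windows\System32\svcupd.exe"
SAMPLE_TRACE = [
    {"pid": 1000, "image": SELF, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo\Nation", "value": "Nation"}},
    {"pid": 1000, "image": SELF, "api": "NtWriteFile", "args": {"path": DROP}},
    {"pid": 1000, "image": SELF, "api": "CreateServiceW",
     "args": {"name": "svcupd", "binpath": DROP}},
    {"pid": 1000, "image": SELF, "api": "RegSetValueExW",
     "args": {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\svcupd",
              "value": "ImagePath", "data": DROP}},
    {"pid": 1000, "image": SELF, "api": "CreateProcessW",
     "args": {"cmdline": "netsh advfirewall firewall add rule name=svcupd "
                         "dir=in action=allow program=" + DROP}},
    {"pid": 1000, "image": SELF, "api": "CreateProcessW", "args": {"cmdline": DROP}},
    {"pid": 1100, "image": DROP, "api": "SetThreadContext", "args": {"target_pid": 1104}},
    {"pid": 1000, "image": SELF, "api": "CreateProcessW",
     "args": {"cmdline": 'cmd.exe /c del "' + SELF + '"'}},
]


def first_token(cmdline):
    """Return the executable token of a command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def match_signatures(trace):
    """Return the set of report signatures triggered by an API trace.

    Stateless rules fire on a single record; 'Executes dropped EXE' needs the
    set of paths written earlier in the trace, so that state is carried along.
    """
    hits = set()
    dropped = set()
    for rec in trace:
        api = rec["api"]
        args = {k: str(v).lower() for k, v in rec["args"].items()}
        path, key, cmd = args.get("path", ""), args.get("key", ""), args.get("cmdline", "")
        if api in ("NtWriteFile", "WriteFile"):
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif api == "CreateServiceW":
            hits.add("Creates new service(s)")
        elif api == "RegSetValueExW":
            if key.startswith(SERVICES_KEY) and args.get("value") == "imagepath":
                hits.add("Sets service image path in registry")
        elif api == "RegQueryValueExW":
            if key == GEO_KEY and args.get("value") == "nation":
                hits.add("Checks computer location settings")
        elif api == "SetThreadContext":
            hits.add("Suspicious use of SetThreadContext")
        elif api == "CreateProcessW":
            if re.search(r"\bnetsh\b.*\bfirewall\b", cmd):
                hits.add("Modifies Windows Firewall")
            if first_token(cmd) in dropped:
                hits.add("Executes dropped EXE")
            if re.search(r"\bdel\b", cmd) and rec["image"].lower() in cmd:
                hits.add("Deletes itself")
        elif api == "DeleteFileW" and path == rec["image"].lower():
            hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for sig in sorted(match_signatures(SAMPLE_TRACE)):
        print(sig)
```

The self-delete rule looks at the spawning process's own image, which is why each record carries `image`; a rule that only inspected the command line would fire on any `del`. Matching dropped paths by the first token of the command line, rather than by substring, keeps the `netsh ... program=<path>` call from being counted as executing the dropped file.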