General

  • Target

    smp.mcworld

  • Size

    1.3MB

  • Sample

    230112-3rpqhsfe2s

  • MD5

    d8ca0e93cb754a585eca7cc931ccfd27

  • SHA1

    3317dd336e14c0e112afd446d9fcb2283a808e00

  • SHA256

    3273f8b3b262944cf6f7b5eaf34eebf3a1381fe594b2b33b57eb57b01148cdec

  • SHA512

    d8489b8fbdf176e2d2f8a7014229a4456b6696053cf0e55cc31825f1533ac75d3672aa65cdce1fad7506c953b022c428b709820c0fc34d09a280d0ac577195d4

  • SSDEEP

    24576:1/n3XEoYHW3AAFUXPQYptF0UWddSy4E6++VJocK48ud7Llsi9eKEpgS:1/nHZYW3AAFY1tF0UkdSyKzmLkWgS

Targets

    • Target

      level.dat

    • Size

      2KB

    • MD5

      323fd09913379c03f4801bc80daf3aaf

    • SHA1

      2efa1fab476d0edceaa5536b0085a291c40d04e8

    • SHA256

      a7bbe1392629bccdfbc456ed1c65b858a4fa428c5b727f5202f6d3381811fea8

    • SHA512

      c11680a5bd10126fc068374404a381309b5b99e47b3668568897b7a800861cefc261a9ab52edc48b01ff03312aa05f8cc2b9c27635a07dafc3b13009c23df711

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      level.dat_old

    • Size

      2KB

    • MD5

      e183dcb4bd6eacebc6cc33369b53ba28

    • SHA1

      e665541b8674e2572727bd406a431867d4c1b1f4

    • SHA256

      5b222f93bde3f37c30e47ded515e9335a57887e4b2c47e367c817a90ca0d20cd

    • SHA512

      22ddf5e30179377644a6a59b57c9d7fbea0713f1518ff42c8c4a0e889493ff73a41693525f695b43efffc93f20a5f668cf704a59aa49e34b63f8f8a016739492

    • Score

      3/10
