General

  • Target

    71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316

  • Size

    1.3MB

  • Sample

    230203-el73xaea2y

  • MD5

    1f2904d7456d666adf6f91cba286eb40

  • SHA1

    170555e7f05ee791ad883128ccdb98dc94716e22

  • SHA256

    71ad31aafce6b28d31c49f4b91b4f2073d84f9abb685aa099b0400c1e8d24316

  • SHA512

    72f20bef6f6a49074ef4687354e0e883cf138f24a85010dc3bb924aca6e0ea55a4b11b604d1c6e105eb6d3bb3ed9507bcb908e6a8eda6220a6a96d0d2d83fc9c

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
