General

  • Target

    1a0f5dcc4e57278f186d686e26eb4f084891ea78880e65dec1cdfafe877dbf56

  • Size

    1.3MB

  • Sample

    230203-j7nzdagd81

  • MD5

    c18810c18d1f623b74e82019d7181fd9

  • SHA1

    c8164cb1553388dbea396f9faa15dc6b07f62c18

  • SHA256

    1a0f5dcc4e57278f186d686e26eb4f084891ea78880e65dec1cdfafe877dbf56

  • SHA512

    dad7f6777de9ddc55899c3f9fcf653faf2862c2e103cbf0ecc108e0de0d2da12d1c890b98614602302466bf1cbcd68dc1279d7bafe7f8e8c9390b32a02fd3a60

  • SSDEEP

    24576:U2G/nvxW3Ww0t6TnzGmVBDh4+aknuRRZJND0gFJ4rD/IjC:UbA30GnzV/q+DnsXg

Score
10/10

Targets

    • DcRat

      DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
