General
Target: file.exe
Size: 300KB
Sample: 230206-3jva2abe9x
MD5: 82435e30b2928e8a32c2f20330bee382
SHA1: b4ca528936fa1e9fda728bfc9533d9ffc3db7206
SHA256: cd903b1243722f8e4ebfddbcb37e34449d678831ee454254cefe41bd41e742cc
SHA512: 2a451d70a8bf7666d29e4efb24ec34b09a854fbcba491dffc32bbcde51cf91ce098d060cfd4ec3259f8659a574b281db2d8cbf03028d8698645ba8ea5128ec92
SSDEEP: 3072:C5Mb6bGoL9DRGhqShWy4uVfto16XVk1D04h5Tk3Qh6CYuQjiMTE5Yrea6Zi:COFoL9gccWlmtbmLt6duQj9nreaE
Static task: static1
Behavioral task: behavioral1 (sample: file.exe; resource: win7-20221111-en)

Malware Config
Extracted family: tofsee
Extracted config values: svartalfheim.top, jotunheim.name
Targets
Target: file.exe
Size: 300KB
MD5: 82435e30b2928e8a32c2f20330bee382
SHA1: b4ca528936fa1e9fda728bfc9533d9ffc3db7206
SHA256: cd903b1243722f8e4ebfddbcb37e34449d678831ee454254cefe41bd41e742cc
SHA512: 2a451d70a8bf7666d29e4efb24ec34b09a854fbcba491dffc32bbcde51cf91ce098d060cfd4ec3259f8659a574b281db2d8cbf03028d8698645ba8ea5128ec92
SSDEEP: 3072:C5Mb6bGoL9DRGhqShWy4uVfto16XVk1D04h5Tk3Qh6CYuQjiMTE5Yrea6Zi:COFoL9gccWlmtbmLt6duQj9nreaE

Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
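The behaviour signatures above (a binary dropped into System32, a service ImagePath set in the registry, a Windows Firewall change, and the two domains in the extracted Tofsee config) are what a responder would hunt for in endpoint telemetry after seeing this report. The Python below is an added example written for this page, not Triage's own code or output: it correlates constructed, Sysmon-shaped events (IDs 1, 11, 13 and 22) so that a service whose ImagePath points at a file the same process just wrote into System32 is flagged as one finding, rather than as two unrelated registry and file events. Every process id, path and the dropped-file name `dropped.exe` are made up for the example; only the domains svartalfheim.top and jotunheim.name come from the report.

```python
"""Correlate Sysmon-style events into the behaviours Triage flagged on this sample.

Added example, not part of the Triage report. The event dicts are a constructed,
simplified imitation of Sysmon event IDs 1 (process create), 11 (file create),
13 (registry value set) and 22 (DNS query). Pids, paths and 'dropped.exe' are
invented; only the two domains come from the report's extracted Tofsee config.
"""
import re
from collections import defaultdict

# Domains from the extracted config on this page.
C2_DOMAINS = {"svartalfheim.top", "jotunheim.name"}
SYSTEM32 = "c:\\windows\\system32\\"
# HKLM\System\CurrentControlSet\Services\<name>\ImagePath
IMAGEPATH_RE = re.compile(r"\\services\\([^\\]+)\\imagepath$", re.I)
FIREWALL_RE = re.compile(r"netsh(\.exe)?\s+advfirewall\s+firewall\s+(add|set|delete)\s+rule", re.I)

# Constructed sample telemetry (not from the report).
SAMPLE_EVENTS = [
    {"id": 1, "ts": 0, "pid": 1000, "ppid": 900, "image": r"C:\Users\user\Desktop\file.exe",
     "cmdline": r"C:\Users\user\Desktop\file.exe"},
    {"id": 11, "ts": 1, "pid": 1000, "image": r"C:\Users\user\Desktop\file.exe",
     "target": r"C:\Windows\System32\dropped.exe"},
    {"id": 13, "ts": 2, "pid": 1000, "image": r"C:\Users\user\Desktop\file.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\dropped\ImagePath",
     "details": r"C:\Windows\System32\dropped.exe"},
    {"id": 1, "ts": 3, "pid": 1001, "ppid": 1000, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                'program="C:\\Windows\\System32\\dropped.exe"'},
    {"id": 22, "ts": 9, "pid": 1002, "image": r"C:\Windows\System32\dropped.exe",
     "query": "svartalfheim.top"},
    {"id": 22, "ts": 10, "pid": 2000, "image": r"C:\Program Files\browser.exe",
     "query": "example.com"},  # benign noise, must not be flagged
]


def hunt(events):
    """Return a list of (rule, pid, detail) findings over Sysmon-shaped events."""
    findings = []

    # Pass 1: remember which process wrote which files into System32 (event 11).
    dropped = defaultdict(set)
    for e in events:
        if e["id"] == 11 and e["target"].lower().startswith(SYSTEM32):
            dropped[e["pid"]].add(e["target"].lower())

    # Pass 2: evaluate the remaining rules, correlating against the drops above.
    for e in events:
        if e["id"] == 13:
            m = IMAGEPATH_RE.search(e["target"])
            if not m:
                continue
            image = e["details"].lower().strip('"')
            if image in dropped[e["pid"]]:
                # Same process dropped the binary and registered it as a service:
                # strongest signal, attribute to the dropper.
                findings.append(("service_imagepath_to_dropped_system32_file", e["pid"],
                                 f"{m.group(1)} -> {e['details']}"))
            else:
                # ImagePath written by something other than the drop path we saw;
                # lower confidence, still worth a look.
                findings.append(("service_imagepath_set", e["pid"], e["details"]))
        elif e["id"] == 1 and FIREWALL_RE.search(e.get("cmdline", "")):
            # Attribute the firewall change to the parent that spawned netsh.
            findings.append(("firewall_rule_change", e["ppid"], e["cmdline"]))
        elif e["id"] == 22 and e["query"].lower().rstrip(".") in C2_DOMAINS:
            findings.append(("tofsee_c2_dns_lookup", e["pid"], e["query"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule:45} pid={pid} {detail}")
```

On a host without Sysmon, the service-installation half of this can be approximated from the System log's event 7045 (a new service was installed), which carries the service name and image path but not the pid of the installer, so the file-drop correlation is lost. The real dropped filename is not in the report; `dropped.exe` only stands in for it.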