General
Target: file.exe
Size: 299KB
Sample: 230207-b2y86agh85
MD5: 554879592dac3efc1711fab6d3af54ea
SHA1: e26c2828e08ac6f03f3061bdb22505bbcb41c99d
SHA256: cf08cb921f0bfdf2876df5f4691b06233515e150be0456b7d3ee5dee5e9d55e4
SHA512: f05f5d6fa132cc0180d3ee35d77ff1671c1ffde11b084fb9fa47592f7a20fe7c2b9fea2775286027b4c76bf4473e992c274743000f622b1b06f57eb9d5783151
SSDEEP: 6144:nW/LvlQkaDpjZ+mg5exp7sCkuQj9+Rrga:W/LS3Dpd+mp5klj2U
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Targets
Target: file.exe
Size: 299KB
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext