Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: file.exe
Size: 385KB
Sample: 230210-yx89wsad6s
MD5: ba2cc72879e8642a04545a795cf2c154
SHA1: f0b9d522c0f6ab5eba74825d89c8c9a01ebc4202
SHA256: f2dc9e5e517f8be39cde8bb164f2d9ed51c814f6584511e996940f4746a874f6
SHA512: 4e80c171ab5ed6aa2ba12a20dc9bca8d32768c10c0c1334f79df6b4203c9ebdf8ab85ec914da509d0da1d4f5dea4d7265d0acbd03749be5fe57b999c222c1bc9
SSDEEP: 3072:xr8AV4Mha55dPRY9UWprNBSBajLjyVXl9nf6N58IUZK2UU7:dQ3h6qOqasXTnfW53AK
Static task: static1
Behavioral task: behavioral1 (sample: file.exe, resource: win7-20221111-en)
Malware Config
Extracted family: tofsee
C2: svartalfheim.top, jotunheim.name
Targets
Target: file.exe
Size: 385KB
MD5: ba2cc72879e8642a04545a795cf2c154
SHA1: f0b9d522c0f6ab5eba74825d89c8c9a01ebc4202
SHA256: f2dc9e5e517f8be39cde8bb164f2d9ed51c814f6584511e996940f4746a874f6
SHA512: 4e80c171ab5ed6aa2ba12a20dc9bca8d32768c10c0c1334f79df6b4203c9ebdf8ab85ec914da509d0da1d4f5dea4d7265d0acbd03749be5fe57b999c222c1bc9
SSDEEP: 3072:xr8AV4Mha55dPRY9UWprNBSBajLjyVXl9nf6N58IUZK2UU7:dQ3h6qOqasXTnfW53AK
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
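Detection logic for the behavioral signatures above, as an added example and not tria.ge's own signature code: it walks a stream of Sysmon-style events and maps registry value sets, file creates, process creates and image loads to the signature names used in the report. The event stream is constructed for illustration; the service name jrsmkxfg, the dropped paths and the netsh command line are assumptions, not observations from this sample. "Checks computer location settings" and "Suspicious use of SetThreadContext" are left out because Sysmon records neither registry reads nor SetThreadContext calls, and "XMRig Miner payload" is a static match rather than a behavior.

```python
"""Map Sysmon-style events to the behavioral signature names used in the report.

Added example, not tria.ge's own signature logic. The event stream below is
constructed for illustration: service name, paths and command line are
assumptions, not observations from this sample.
"""
import re

# Sysmon event IDs used: 1 ProcessCreate, 7 ImageLoad, 11 FileCreate,
# 13 RegistryEvent (value set). Sysmon does not record registry reads or
# SetThreadContext calls, so those two signatures are out of scope here.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
# A service install writes several values under Services\<name>; ImagePath
# and Start are the two used as proxies below (heuristic, not a full model).
SERVICE_VALUE = re.compile(
    r"^HKLM\\System\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\"
    r"([^\\]+)\\(ImagePath|Start)$", re.I)
FIREWALL_CMD = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall|firewall)\b", re.I)
SYSTEM32_DIR = re.compile(r"^C:\\Windows\\System32\\", re.I)


def match_signatures(events):
    """Return {signature name: [indices of matching events]}.

    'Executes dropped EXE' and 'Loads dropped DLL' are stateful: a path only
    counts as dropped if an earlier FileCreate (EventID 11) wrote it, so the
    stream must be in chronological order.
    """
    dropped = set()       # lower-cased paths written earlier in the stream
    new_services = set()  # service names already credited as created
    hits = {}

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for idx, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32_DIR.match(path):
                hit("Drops file in System32 directory", idx)
        elif eid == 1:
            if ev["Image"].lower() in dropped:
                hit("Executes dropped EXE", idx)
            if FIREWALL_CMD.search(ev.get("CommandLine", "")):
                hit("Modifies Windows Firewall", idx)
        elif eid == 7:
            if ev["ImageLoaded"].lower() in dropped:
                hit("Loads dropped DLL", idx)
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY.search(target):
                hit("Adds Run key to start application", idx)
            m = SERVICE_VALUE.match(target)
            if m:
                service, value = m.group(1).lower(), m.group(2).lower()
                if value == "imagepath":
                    hit("Sets service image path in registry", idx)
                elif service not in new_services:   # first Start value seen
                    new_services.add(service)
                    hit("Creates new service(s)", idx)
    return hits


# Constructed events (assumed names and paths), in chronological order.
DROPPER = r"C:\Users\Admin\file.exe"
SVC_EXE = r"C:\Windows\System32\jrsmkxfg.exe"
SVC_DLL = r"C:\Users\Admin\AppData\Local\Temp\helper.dll"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": SVC_EXE},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": SVC_DLL},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\jrsmkxfg\ImagePath",
     "Details": SVC_EXE},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\jrsmkxfg\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Admin\AppData\Roaming\updater.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh advfirewall firewall add rule name="Core" dir=in '
                    'action=allow program="' + SVC_EXE + '"'},
    {"EventID": 1, "Image": SVC_EXE, "CommandLine": SVC_EXE},
    {"EventID": 7, "Image": SVC_EXE, "ImageLoaded": SVC_DLL},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},  # benign, must not match
]

if __name__ == "__main__":
    for name, idxs in sorted(match_signatures(SAMPLE_EVENTS).items()):
        print(f"{name}: events {idxs}")
```

Ordering matters: a process create or image load that precedes the FileCreate for the same path is not credited as a dropped binary, which is the check that keeps pre-existing system binaries out of the "dropped" results.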