General
- Target: 4ce2353420b3fef9a268a018a0b8bb5d4389bd7ff288c1168af812dd81b2d54a.zip
- Size: 128KB
- Sample: 230308-njfejsfe21
- MD5: 13bbf02907e83492ed385386d5074f03
- SHA1: 4569102d544c03401440cecbf976a9292e5c43dc
- SHA256: cd17f61eb09451df8bfb022ba0580944c45ef5f096a8a16fd733b47293af3bee
- SHA512: 7a88bc27e836e4e5baa40b01085ae6e5b5d48c31df935857333c2f33bffabf89038b3a119d0df8d92d34f7294c66db8b1c6bad08e2be13e31cad83bf804bce2d
- SSDEEP: 3072:0rQvI+Jywd/+jjTKEsYbw0cVTbc/3PwIe8T4Q5KV:MQvIjwEjsWwjTAPw7tV
Static task: static1

Behavioral task: behavioral1
- Sample: 4ce2353420b3fef9a268a018a0b8bb5d4389bd7ff288c1168af812dd81b2d54a.exe
- Resource: win7-20230220-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Targets
- Target: 4ce2353420b3fef9a268a018a0b8bb5d4389bd7ff288c1168af812dd81b2d54a.exe
- Size: 192KB
- MD5: 941c2c7de7a78108baf55e9a9c80db7a
- SHA1: 02d1c8e2027be98a452e2bc6c8e4f4359e114443
- SHA256: 4ce2353420b3fef9a268a018a0b8bb5d4389bd7ff288c1168af812dd81b2d54a
- SHA512: 2b0102f34315eb971d4ed7fa2ba60ccc0afdb1ebdea3548de2b91763d5b105cad984dad06b12a5c28ea36144dbd81071d69fb3833259a04763c8b398d0984ea7
- SSDEEP: 3072:A0Uyh0vf5cSHc/onUnPJaBOkSSgH+wIygCd8ZXQm25k5gFaJc3EB:Zph03LHc/yUPh4ogCigk5gj

- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext