General
- Target: file
- Size: 304KB
- Sample: 230703-3a4s4sad63
- MD5: f7a4259a3b2ab96e30cb58c4e5cda3e6
- SHA1: 40bb757854553230616307cd50c811ac25ba535f
- SHA256: 3c7379928cdae48f4a016111467d0ecf2abba802e3e0003b79fa93dc48e62087
- SHA512: 3c0a22e0692c964013f3799686647cab9f37f88fe4121c18d18d9c62b33d52da612780fd69ff055d7b8104197ea7483294575ef996c3fe83cf4718aa4a9eae84
- SSDEEP: 3072:qnlW2D7U6wBsgnSPpXU1ReqVY9qnGw7nHHVKJ0TN6YrhHwCD25Gja:QU6gSRXU1lVY9SGink0NzrdDX
Static task
- static1

Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20230703-en
Malware Config
- Extracted family: tofsee
- Extracted domains:
  - vanaheim.cn
  - jotunheim.name
Targets
- Target: file (size and hashes as listed under General)
- Signatures:
  - XMRig Miner payload
  - Creates new service(s)
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Executes dropped EXE
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext