General
- Target: 7676c93819e3fbexeexeexeex.exe
- Size: 8.1MB
- Sample: 230708-y8l9haah41
- MD5: 7676c93819e3fba566458677d29b3342
- SHA1: b4ad74caf8c825aa0f083c3e588d050fcfc56ae5
- SHA256: 0ff18437b4b6872b2292d1e13280eb206050543e71d1e169132e4ed2ced0d778
- SHA512: 2a348d506c7eaec0380c3898ee50aecd91cd2e12a08e2d2ba5364ec8bbb5a5bcc47efddf322d3745423f427b800fc1995513461811f2f5f4a8b264c1c9629129
- SSDEEP: 196608:ylTPemknGzwHdOgEPHd9BYX/nivPlTXTYP:a3jz0E52/iv1
Behavioral task: behavioral1
- Sample: 7676c93819e3fbexeexeexeex.exe
- Resource: win7-20230703-en
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Contacts a large (52502) amount of remote hosts. This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows. This may indicate a network scan to discover remotely running services.
- XMRig Miner payload
- mimikatz is an open source tool to dump credentials on Windows
- Drops file in Drivers directory
- Modifies Windows Firewall
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Creates a Windows Service
- Drops file in System32 directory