Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
781cf97025896c0aef788b6844587ca2b94602d68e50efea2abac50bbd066434_JC.exe
-
Size
606KB
-
Sample
231011-ne2f8adb83
-
MD5
c7b28f5f9fb6780fc0976a8383696818
-
SHA1
af6654f093fe2af97b024dfe8067e0aa8dc93816
-
SHA256
781cf97025896c0aef788b6844587ca2b94602d68e50efea2abac50bbd066434
-
SHA512
955e32a0171de8c527906559af067a4b5c25fc6a91ffcb9b1c57f934c82b7ab31885c6b82cf1610c8497b8350523a2316c12fcb8e6a68eb984a6684d4a15a841
-
SSDEEP
12288:NcrNS33L10QdrXjNfmDnDnCXgUcYfOfAFczhTjHsHLzuhV2Rj+TF:wNA3R5drXwDDuhcY7c9TSuhE4F
Static task
static1
Behavioral task
behavioral1
Sample
781cf97025896c0aef788b6844587ca2b94602d68e50efea2abac50bbd066434_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
781cf97025896c0aef788b6844587ca2b94602d68e50efea2abac50bbd066434_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
xworm
3.1
floptuytonroyem.sytes.net:7004
cEHiEYwUFLZIOeZI
-
install_file
USB.exe
Targets
-
-
Target
781cf97025896c0aef788b6844587ca2b94602d68e50efea2abac50bbd066434_JC.exe
-
Size
606KB
-
MD5
c7b28f5f9fb6780fc0976a8383696818
-
SHA1
af6654f093fe2af97b024dfe8067e0aa8dc93816
-
SHA256
781cf97025896c0aef788b6844587ca2b94602d68e50efea2abac50bbd066434
-
SHA512
955e32a0171de8c527906559af067a4b5c25fc6a91ffcb9b1c57f934c82b7ab31885c6b82cf1610c8497b8350523a2316c12fcb8e6a68eb984a6684d4a15a841
-
SSDEEP
12288:NcrNS33L10QdrXjNfmDnDnCXgUcYfOfAFczhTjHsHLzuhV2Rj+TF:wNA3R5drXwDDuhcY7c9TSuhE4F
-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-