General
- Target: 7b56b03a973a7f1d05ae4936c945ddb59601fe808dd6149fd5d4571dda90ca7a
- Size: 11.4MB
- Sample: 231012-hqzh4seh92
- MD5: 83641f68c3d137c867ba96e05488a6f2
- SHA1: 1576f8241d3f3349940636951511c400021ed16f
- SHA256: 7b56b03a973a7f1d05ae4936c945ddb59601fe808dd6149fd5d4571dda90ca7a
- SHA512: b682b4a7e8830349d63b9d0ee6cf340db1f2b31bbbaec0eb491ab2783ff6e2bb18c868d33ae6c19908e8612e91200cd525356e0216aed13ac4ca72525e0ef067
- SSDEEP: 196608:d+Vl3y6ZHYgg8K6RrpICn9UG8k7StZW4S80UehjyKmFyaculAMhxPuZOof:aVZHYaKorptn9X7SS4fn8aPAQ2Y
Static task: static1
Malware Config
Targets
- Target: 7b56b03a973a7f1d05ae4936c945ddb59601fe808dd6149fd5d4571dda90ca7a (11.4MB; same file and hashes as listed under General)
Signatures
- Glupteba payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner payload
- Drops file in Drivers directory
- Modifies Windows Firewall
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)
- Scheduled Task/Job (1)