General
- Target: 9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7_JC.exe
- Size: 197KB
- Sample: 231013-1ewl7add38
- MD5: 3a2a650e38e091c0f21e8fb091e60451
- SHA1: 284cf3e757a82b0feb43ad691a1efbfde7171193
- SHA256: 9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7
- SHA512: 4d8fb291c9518f67dad7582898d55830933e04204fc622a9df326af572eb58fdefdb8bf42906d95f8173fd47af4f6eb35e2866555db9a320ee9b86365aba324a
- SSDEEP: 3072:bvDSLXr5TXHwa5yak5qVmnBczE2QwWgxp9f45K6cLTfN49Q:XSL7Nga5yXdBSEbpgxzHHLTV4i
Static task: static1
Behavioral task: behavioral1
- Sample: 9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7_JC.exe
- Resource: win7-20230831-en
Malware Config
Extracted family: tofsee
C2 domains:
- vanaheim.cn
- jotunheim.name
Targets
- Target: 9ca53afc226509ab5c17f883b2ec241126fc95b131910c4202a2c5b084336fa7_JC.exe (197KB; same hashes as listed under General)
Signatures
- XMRig Miner payload
- Creates new service(s)
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (2)
  - Windows Service (2)