Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2db57ce54e3c9ee09054c858d89e9300.bin
-
Size
205.9MB
-
Sample
231031-bzfc9sfh2x
-
MD5
2db57ce54e3c9ee09054c858d89e9300
-
SHA1
eceb2f537bed937badcd1ff64eff898584f1a238
-
SHA256
8374150f7e13d1cdc83fd837b81155268daa32c4cf645bbfa557f59c532d4e16
-
SHA512
331ad9ac464b4370f1497c387e33ac86dbffe0aff418f8e458ff528a10477ce865eefa07e7313f3cbaf06b98e6cf5dd308e2d53acfc77a373dffb401706e397d
-
SSDEEP
196608:Y+Q/XL8rMJqxd9aammTdhs5vARNEdwjRRj1iwXx1oW:Y+Q/b8rMJ2dMammJhs+EMRJiwXxP
Malware Config
Targets
-
-
Target
2db57ce54e3c9ee09054c858d89e9300.bin
-
Size
205.9MB
-
MD5
2db57ce54e3c9ee09054c858d89e9300
-
SHA1
eceb2f537bed937badcd1ff64eff898584f1a238
-
SHA256
8374150f7e13d1cdc83fd837b81155268daa32c4cf645bbfa557f59c532d4e16
-
SHA512
331ad9ac464b4370f1497c387e33ac86dbffe0aff418f8e458ff528a10477ce865eefa07e7313f3cbaf06b98e6cf5dd308e2d53acfc77a373dffb401706e397d
-
SSDEEP
196608:Y+Q/XL8rMJqxd9aammTdhs5vARNEdwjRRj1iwXx1oW:Y+Q/b8rMJ2dMammJhs+EMRJiwXxP
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1