Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
912a9f5960f78c14a1bfe528860b5cc5.bin
-
Size
563KB
-
Sample
231114-czpglsga8w
-
MD5
0559bafa89a04e06653a01cdcb3672df
-
SHA1
8346447f999c7623bec2363da17442789359bbc3
-
SHA256
16a8928df1da51875715a7bf50162f5601b0a7e6ed357d5c5919188affaa7774
-
SHA512
56d416972f18e89477eb8f4786230b9e0b33dde5639ea1ee3e372348db5f334a563dfcfc1b97b58d063d0663649744152a1a27943dd05924a3a7e6d12982aa3d
-
SSDEEP
12288:vqpNGarSiq4wQ4CWz45VQKaMO3QRmphCRKXhahT6FgNNkN:ybDrBDw/gDZadZphMKXK6yPkN
Static task
static1
Behavioral task
behavioral1
Sample
4f49150cb8b4ed358d59ab2d9e15a6161b69658e45e54419c536dd77487a2fde.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
4f49150cb8b4ed358d59ab2d9e15a6161b69658e45e54419c536dd77487a2fde.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
4f49150cb8b4ed358d59ab2d9e15a6161b69658e45e54419c536dd77487a2fde.exe
-
Size
753KB
-
MD5
912a9f5960f78c14a1bfe528860b5cc5
-
SHA1
6e23c3b72f56358efc066b6ae60d173902a0f033
-
SHA256
4f49150cb8b4ed358d59ab2d9e15a6161b69658e45e54419c536dd77487a2fde
-
SHA512
0b09a77600c9df2ece04e6ef4f5ff3ba2779b15f7a33bcfc4ee0c71ebcdbe16b5f9585ec931449427855131a1d265c1e8b76f27a341d0294ac921e3a5a7cd352
-
SSDEEP
12288:2ufjVpNKUF3OjhlYnf8KPGNaTp7WeqCdmgzKrQXOxTXbebLw7:2sGQOjhlYUUGkp7FzO
Score10/10-
Detect Xworm Payload
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-