General
Target: xPWSM8F.exe
Size: 70.8MB
Sample: 231117-sbz67sac23
MD5: 47c228b9900b3e8e1003870522eaea2b
SHA1: 960d1a57657f36a9a753c6382766df88fc58c863
SHA256: cf59ab9dca6ef991de0607df500104f652632b1a53b544d3d552e06ae82f3ba0
SHA512: 312e617d3bf17360ab6b995cc955344de1db8f7c5f6109ffdbd9059239565d0eeafa1ae451267da79d9be65ef69a2c429ba5a71982ed1d97089c775f150d43ca
SSDEEP: 1572864:l4/4rzOchPrLt7vTkb91TleGEyvH5lXLf8t7hyTahT6a/7:ykqcdrRrIR1TDpvH5xE9hDGa/7
Static task: static1
Behavioral task: behavioral1
Sample: xPWSM8F.exe
Resource: win10-20231020-en
Malware Config
Targets
Target: xPWSM8F.exe (the submitted sample itself; same size and hashes as listed under General)
Score: 7/10

Signatures
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (number in parentheses is the count of matching signatures)
Persistence
- Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Scheduled Task/Job, T1053 (1)
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Scheduled Task/Job, T1053 (1)
Defense Evasion
- Hide Artifacts, T1564 (1): Hidden Files and Directories, T1564.001 (1)
- Modify Registry, T1112 (1)
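As an added example (not code from the report or from tria.ge's own signature engine), the following Python re-implements the behavioural signatures and ATT&CK mapping listed above as a small matcher over a constructed sandbox event log. The event schema, the `Event` class, the IP-lookup host allowlist and every file path are assumptions made for this example; the ATT&CK IDs are the standard ones for the technique names the report prints. What it shows that the list alone does not: the meaningful signal is the chain (a file the sample wrote, then executed, then registered under a Run key or the Startup folder), so the matcher tracks dropped files and only fires "Executes dropped EXE" / "Loads dropped DLL" for paths the sample itself wrote.

```python
"""Added example: re-implement the report's behavioural signatures over a constructed event log."""
from dataclasses import dataclass, field

# Standard ATT&CK technique IDs for the technique names in the report (the report prints names only).
T_RUN_KEYS = "T1547.001"       # Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T_SCHED_TASK = "T1053"         # Scheduled Task/Job
T_HIDDEN_FILES = "T1564.001"   # Hide Artifacts: Hidden Files and Directories
T_MODIFY_REG = "T1112"         # Modify Registry

# Autostart registry keys (HKCU or HKLM, matched by suffix) and the per-user Startup folder.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
STARTUP_FOLDER = r"\start menu\programs\startup"
# Assumption: a small allowlist of public IP-echo services; the report does not name the one it saw.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}


@dataclass
class Event:
    """One sandbox event (assumed schema). kind is one of: file_write, reg_set,
    process_create, load_image, set_attributes, sched_task, dns."""
    kind: str
    path: str = ""          # file path, registry key, process image or DNS name, depending on kind
    pid: int = 0
    extra: dict = field(default_factory=dict)


def match_signatures(events):
    """Return {signature name: [ATT&CK ids]} for behaviours seen in the event list."""
    hits = {}
    dropped = set()   # paths the sample wrote; later execution/loading of these is the real signal

    def add(name, *ids):
        hits.setdefault(name, sorted(ids))

    for e in events:
        p = e.path.lower()
        if e.kind == "file_write":
            dropped.add(p)
            if STARTUP_FOLDER in p:
                add("Drops startup file", T_RUN_KEYS)
        elif e.kind == "reg_set":
            add("Modify Registry", T_MODIFY_REG)
            if any(p.endswith(s) for s in RUN_KEY_SUFFIXES):
                add("Adds Run key to start application", T_RUN_KEYS)
        elif e.kind == "process_create" and p in dropped:
            add("Executes dropped EXE")           # report maps no technique to this signature
        elif e.kind == "load_image" and p in dropped and p.endswith(".dll"):
            add("Loads dropped DLL")              # likewise unmapped in the report
        elif e.kind == "set_attributes" and e.extra.get("hidden"):
            add("Hidden Files and Directories", T_HIDDEN_FILES)
        elif e.kind == "sched_task":
            add("Scheduled Task/Job", T_SCHED_TASK)
        elif e.kind == "dns" and p in IP_LOOKUP_HOSTS:
            add("Looks up external IP address via web service")
    return hits


def techniques(hits):
    """Flatten matched signatures into a sorted, de-duplicated technique list."""
    return sorted({t for ids in hits.values() for t in ids})


def sample_events():
    """Constructed event log (not taken from the report) mirroring the behaviours it lists."""
    tmp = r"C:\Users\Admin\AppData\Local\Temp"
    startup = r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    return [
        Event("file_write", tmp + r"\update.exe"),
        Event("file_write", tmp + r"\helper.dll"),
        Event("file_write", startup + r"\update.lnk"),
        Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              extra={"value": "Updater", "data": tmp + r"\update.exe"}),
        Event("process_create", tmp + r"\update.exe", pid=1234),
        Event("load_image", tmp + r"\helper.dll", pid=1234),
        Event("set_attributes", tmp + r"\update.exe", extra={"hidden": True}),
        Event("sched_task", "", extra={"name": "Updater"}),
        Event("dns", "api.ipify.org"),
    ]


if __name__ == "__main__":
    h = match_signatures(sample_events())
    for name, ids in h.items():
        print(f"{name:48s} {', '.join(ids) or '-'}")
    print("techniques:", techniques(h))
```

To run this against a real report, translate the sandbox's own event JSON into `Event` objects; note that a `process_create` for a path the sample never wrote (for example a system binary) produces no hit, which is the behaviour that keeps "Executes dropped EXE" from firing on ordinary child processes.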