Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

xPWSM8F.exe

windows10-1703-x64

7

Resubmissions

17/11/2023, 15:02

231117-seqf6sac32 7

17/11/2023, 14:57

231117-sbz67sac23 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xPWSM8F.exe

  • Size

    70.8MB

  • Sample

    231117-sbz67sac23

  • MD5

    47c228b9900b3e8e1003870522eaea2b

  • SHA1

    960d1a57657f36a9a753c6382766df88fc58c863

  • SHA256

    cf59ab9dca6ef991de0607df500104f652632b1a53b544d3d552e06ae82f3ba0

  • SHA512

    312e617d3bf17360ab6b995cc955344de1db8f7c5f6109ffdbd9059239565d0eeafa1ae451267da79d9be65ef69a2c429ba5a71982ed1d97089c775f150d43ca

  • SSDEEP

    1572864:l4/4rzOchPrLt7vTkb91TleGEyvH5lXLf8t7hyTahT6a/7:ykqcdrRrIR1TDpvH5xE9hDGa/7

Score
7/10
persistence

Malware Config

Targets

    • Target

      xPWSM8F.exe

    • Size

      70.8MB

    • MD5

      47c228b9900b3e8e1003870522eaea2b

    • SHA1

      960d1a57657f36a9a753c6382766df88fc58c863

    • SHA256

      cf59ab9dca6ef991de0607df500104f652632b1a53b544d3d552e06ae82f3ba0

    • SHA512

      312e617d3bf17360ab6b995cc955344de1db8f7c5f6109ffdbd9059239565d0eeafa1ae451267da79d9be65ef69a2c429ba5a71982ed1d97089c775f150d43ca

    • SSDEEP

      1572864:l4/4rzOchPrLt7vTkb91TleGEyvH5lXLf8t7hyTahT6a/7:ykqcdrRrIR1TDpvH5xE9hDGa/7

    Score
    7/10
    persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks