General

  Target:  7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.zip
  Size:    178KB
  Sample:  231119-zj6ghsbd96
  MD5:     af12c7aa9a8e7b7d0af8dc4e5ecfa731
  SHA1:    90392fed00197e41ac7cf384e7adc30ac0da7780
  SHA256:  71f5ed5ba9b8b6461ab8446c318bf11d8a1b42cf13b02eda3f8cb4908cdd206d
  SHA512:  7f0ab69d1a27ac6eb80e7ae78007ddb4bc9db9a63680a4346654635fb1eecdae643a40c9beab8bd2c67331796d1137872403d2639ce296db7f678dde2b5c3d34
  SSDEEP:  3072:I9MCpdr7mXBPlUDHEiv9oPzg6/apydPjL2B6tLjtDFpFFcDuL3Gbrdt0cLHe8:ZSmxPlUFmzgIaMdP/4c/F7L3G/dt0cbp
Tasks

  Static task:      static1

  Behavioral task:  behavioral1
    Sample:         7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe
    Resource:       win7-20231020-en

  Behavioral task:  behavioral2
    Sample:         7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe
    Resource:       win10v2004-20231020-en
Malware Config

  Extracted family:  tofsee
  C2 domains:        vanaheim.cn
                     jotunheim.name
Targets

  Target:  7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2.exe
  Size:    338KB
  MD5:     5c5387efb7f70cd46012c6f8f4cc0e1a
  SHA1:    c2ad2a7be652d8b73cdeb794b498c03d8f783bc4
  SHA256:  7e9ccdf57f7fe03c9e2efd738b6490aabed53615f70a101a8c1cd008716fa6d2
  SHA512:  bc6a38573e87fc6bc7b945ee76f5b8102e5adfa1ff6262356212a0fb66f2b4cb071193df75f05da715627d1d4c5cb2cd733f786371bf271e5ee94f88557de65d
  SSDEEP:  3072:M9xApN8qo8I+HI0C+iUn9wYaA8MqfvJLAiT12Rerybp80C:wTqoQHIbYatRJLAiT3ry3

  Signatures:
    - XMRig Miner payload
    - Creates new service(s)
    - Modifies Windows Firewall
    - Sets service image path in registry
    - Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    - Deletes itself
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

  Persistence
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (2)
      Windows Service (2)