
Resubmissions

  • 28/11/2023, 00:20: 231128-amwztadh9v 10
  • 25/11/2023, 22:53: 231125-2t11wsdf6v 10

General

  • Target: New Text Document.zip
  • Size: 1KB
  • Sample: 231128-amwztadh9v
  • MD5: 3c8b819becd177edcbab3aaa436f1038
  • SHA1: 191e32ee0095c03ed38fb0cf656830eed585e53d
  • SHA256: f5091b65f748236c24c4f1d289cfafe78236dfea4768929a1f1fa91b2e5d0779
  • SHA512: a26c1b88243c14aad3e5d3cbddd63dcdd0ff00b0fa790db592ac89b3207220784cd77e861098448bc158816f8d352c139f7b1569441e4058170797ea3d0f0112

Malware Config

Targets

    • Target: New Text Document.exe
    • Size: 4KB
    • MD5: a239a27c2169af388d4f5be6b52f272c
    • SHA1: 0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c
    • SHA256: 98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc
    • SHA512: f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da
    • SSDEEP: 48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

    • Detect Xworm Payload
    • Xworm
      Xworm is a remote access trojan written in C#.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks