Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
genshin_global.exe
-
Size
37.9MB
-
Sample
240113-qxb1dsaghj
-
MD5
82ebc7d0252a5361d7ca066be6551b93
-
SHA1
8f33fbbdd51b5dc5339c0eb2e414860cf6f04fd9
-
SHA256
bdad3c5e278a03a2f3109b84708819cc6a1f9f02ab1e83f07603f63f9916d6ce
-
SHA512
260777c752cb2d14f7c0f667c81f4a4c9d54331cfe5b574609c073180458bff25f0db1dc81bd4023df32d34a9856ec0f10e6feaf6966a2567aa9fc37f203704b
-
SSDEEP
786432:WQgBUWLP5jxIkTcypX3maertehppms20j17CfCCw6EGLdWiovCah5e7Y:TAUW1FIkwYXWjepmEj1yCDGLdW3aaPek
Malware Config
Targets
-
-
Target
genshin_global.exe
-
Size
37.9MB
-
MD5
82ebc7d0252a5361d7ca066be6551b93
-
SHA1
8f33fbbdd51b5dc5339c0eb2e414860cf6f04fd9
-
SHA256
bdad3c5e278a03a2f3109b84708819cc6a1f9f02ab1e83f07603f63f9916d6ce
-
SHA512
260777c752cb2d14f7c0f667c81f4a4c9d54331cfe5b574609c073180458bff25f0db1dc81bd4023df32d34a9856ec0f10e6feaf6966a2567aa9fc37f203704b
-
SSDEEP
786432:WQgBUWLP5jxIkTcypX3maertehppms20j17CfCCw6EGLdWiovCah5e7Y:TAUW1FIkwYXWjepmEj1yCDGLdW3aaPek
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Creates new service(s)
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1