General
- Target: ExpressZipCompresionArchivos_ES.exe
- Size: 3.2MB
- Sample: 240116-rcbdssdff3
- MD5: 736c77aca8ad5748582d6f7bcd303052
- SHA1: 748e70f78377b6869c1e31527281ebbe999f1c97
- SHA256: 75c64e3854c9354fc41ea4f7f4b3ede9875174a02224e0082bcda3c2b7974616
- SHA512: efe894161ab2b24c3ddc36fb02c7f3864e02d37549430961a8beaf5630aed3464ad1cc8fff74644857f1d56a5823a2604a059e897bc3498bf5d208ddc02b1bee
- SSDEEP: 49152:OwUvr25KNXEv+TCHkq+7dOcdQL1iFfsyT9cRuZ2+q4v+r961CGoet4c/1JIx9xqK:OLvCoBEv+TdzO1Wsy6RZHWL9h/YoZE
Static task: static1
Behavioral task: behavioral1
- Sample: ExpressZipCompresionArchivos_ES.exe
- Resource: win11-20231215-en
Malware Config
Extracted: njrat
- 0.7d
- HacKed
- dllsys.duckdns.org:3202
- 3b570ffeeb3d34249b9a5ce0ee58a328
- reg_key: 3b570ffeeb3d34249b9a5ce0ee58a328
- splitter: svchost
Targets
- Target: ExpressZipCompresionArchivos_ES.exe
- Size: 3.2MB
- MD5: 736c77aca8ad5748582d6f7bcd303052
- SHA1: 748e70f78377b6869c1e31527281ebbe999f1c97
- SHA256: 75c64e3854c9354fc41ea4f7f4b3ede9875174a02224e0082bcda3c2b7974616
- SHA512: efe894161ab2b24c3ddc36fb02c7f3864e02d37549430961a8beaf5630aed3464ad1cc8fff74644857f1d56a5823a2604a059e897bc3498bf5d208ddc02b1bee
- SSDEEP: 49152:OwUvr25KNXEv+TCHkq+7dOcdQL1iFfsyT9cRuZ2+q4v+r961CGoet4c/1JIx9xqK:OLvCoBEv+TdzO1Wsy6RZHWL9h/YoZE
Score: 10/10
- Modifies Windows Firewall
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)