Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
27/01/2024, 15:10
Behavioral task
behavioral1
Sample
bTmo.exe
Resource
win7-20231215-en
3 signatures
150 seconds
General
-
Target
bTmo.exe
-
Size
30KB
-
MD5
e0de04866829f56dab5f34ae06d225f7
-
SHA1
5003150c7d7fd5724bf4ee0d390c0d361776369e
-
SHA256
0e948e3d83e22df165afac4da052b45297f719a33f86c4c194958f59dad75a28
-
SHA512
4100fbe30f3013c81f842e190b9e36562d8a3cb157761933a90e7ea9e9a47f8a3562f086ae2f6a3cf62d795cca482a6516ab1bcfb2bc67517287579de6d3268d
-
SSDEEP
384:4ieAwIGmefcZWGl3nxe0XLZJkpJqXlYECwaiwQsbRugtFuBLTIOZw/WVwvn9IkVq:BHZrtxekwo1YETDJsbBFR9RTmOqhDbX
Malware Config
Extracted
Family
xworm
Version
3.0
C2
192.99.190.119:7000
Mutex
cpLbTz8tZXdGyy5w
Attributes
-
install_file
USB.exe
aes.plain
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule behavioral1/memory/1636-0-0x0000000000B30000-0x0000000000B3E000-memory.dmp family_xworm -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1636 bTmo.exe