Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

windows.cmd

windows7-x64

1

windows.cmd

windows10-1703-x64

10

windows.cmd

windows10-2004-x64

10

windows.cmd

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    windows.cmd

  • Size

    41KB

  • Sample

    240307-v98bksaa3v

  • MD5

    7c1a0a81ca6698741b4e63474dd92aec

  • SHA1

    b280133be4093e3b3e26f8d093b586c56b08c307

  • SHA256

    2a7ac0e5a3c13e07d3992907e86ec563a19f092fae7269b1eef0b8982ad66d5a

  • SHA512

    c34baf46f54d94784cb15ad47557143c379270a1d1fb9c1a0249afd6055e3416ac13315e9d53091f6f5a218572c22779989b6ebe5d572ee57876ceb22ef4f8d2

  • SSDEEP

    768:7hVuKGJcDLbuIQS1Bi9LA51oYuBZnYHUCpZs2P/FA220SIv7FSBCtY7YleBQl:7T3LbfQKqq/s2P/+220SID4oSYlWQl

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

3.1

C2

myday.duckdns.org:8895

Mutex

NMs5XoXNfsv6X5Qw

Attributes
  • install_file

    USB.exe

aes.plain

Targets

    • Target

      windows.cmd

    • Size

      41KB

    • MD5

      7c1a0a81ca6698741b4e63474dd92aec

    • SHA1

      b280133be4093e3b3e26f8d093b586c56b08c307

    • SHA256

      2a7ac0e5a3c13e07d3992907e86ec563a19f092fae7269b1eef0b8982ad66d5a

    • SHA512

      c34baf46f54d94784cb15ad47557143c379270a1d1fb9c1a0249afd6055e3416ac13315e9d53091f6f5a218572c22779989b6ebe5d572ee57876ceb22ef4f8d2

    • SSDEEP

      768:7hVuKGJcDLbuIQS1Bi9LA51oYuBZnYHUCpZs2P/FA220SIv7FSBCtY7YleBQl:7T3LbfQKqq/s2P/+220SID4oSYlWQl

    Score
    10/10
    xwormrattrojan

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Blocklisted process makes network request

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks