General

  • Target

    400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864

  • Size

    1.4MB

  • Sample

    240307-x1v11abg42

  • MD5

    b6db27452a77246b009fcb2cfc210082

  • SHA1

    894b29baf05597d2af3a584931399adfebf42cb7

  • SHA256

    400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864

  • SHA512

    f30468798f52f9b7f1e96b326727cc2ef9c329ffe4351ef569699e6373c3334fd0cedbe4bf9f56ce28b0c7f7624866d8f349130bb7f1a6a601768077851ade56

  • SSDEEP

    24576:RVIl/WDGCi7/qkat6Q5aILMCfmARvKYYwdy2VlmNCQgIT0rKiClUJxX7QcSbmZ1Y:ROdWCCi7/raZ5aIwC+Ax4ErWThiCmRbe

Score
10/10

Malware Config

Targets

    • Target

      400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864

    • Size

      1.4MB

    • MD5

      b6db27452a77246b009fcb2cfc210082

    • SHA1

      894b29baf05597d2af3a584931399adfebf42cb7

    • SHA256

      400b0ece07c5a3245c238bbb42fe3e45a7cb529fa3ccfd51be2c754d5bc26864

    • SHA512

      f30468798f52f9b7f1e96b326727cc2ef9c329ffe4351ef569699e6373c3334fd0cedbe4bf9f56ce28b0c7f7624866d8f349130bb7f1a6a601768077851ade56

    • SSDEEP

      24576:RVIl/WDGCi7/qkat6Q5aILMCfmARvKYYwdy2VlmNCQgIT0rKiClUJxX7QcSbmZ1Y:ROdWCCi7/raZ5aIwC+Ax4ErWThiCmRbe

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks