General
-
Target
password.txt.lnk
-
Size
1KB
-
Sample
240516-lses9seg3y
-
MD5
a8d941db4a8f2301c661abff9d0121fa
-
SHA1
df5ccb18e15bea95a0b9588cf113e4219b15fe22
-
SHA256
3488fe12c3493039d9eddabf5fb04bf9bb3a54bcd591ab911857b602c85f2e66
-
SHA512
1f945f0ffea07dae942cc218ea603d9e8a21921513380c71c6a8b81ec88a6d955f4dd8ef6ac966248c0983872ef6e9fd88d866e1387fedb72e77b12c437eed2c
Static task
static1
Behavioral task
behavioral1
Sample
password.txt.lnk
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
password.txt.lnk
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
password.txt.lnk
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
password.txt.lnk
-
Detect Xworm Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-