General

  • Target

    490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478.exe

  • Size

    5.1MB

  • Sample

    240528-rcdh6agc7v

  • MD5

    3f7e36fa14bafefea46398ba14dd7e75

  • SHA1

    856e0d0bcfb5f69fc9cf389a87aad6261b984e2b

  • SHA256

    490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478

  • SHA512

    9e107931cb63ce707e292c559b19be032820ae394fb89eae6747f9ae7328f8257017b4c70ead2fe5a2dba4b3ca7e178ac98e1e09f275400671aa4890535baa0c

  • SSDEEP

    98304:M42JF1gJgj2q/g+8/sT09So2jrgKpW1KySLIfJKGh6G28VVEtXpSKrhwxMH+rt6v:+vil+8/s14/VsIfoB8VV8XHrSz6v

Malware Config

Targets

    • Target

      490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478.exe

    • Size

      5.1MB

    • MD5

      3f7e36fa14bafefea46398ba14dd7e75

    • SHA1

      856e0d0bcfb5f69fc9cf389a87aad6261b984e2b

    • SHA256

      490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478

    • SHA512

      9e107931cb63ce707e292c559b19be032820ae394fb89eae6747f9ae7328f8257017b4c70ead2fe5a2dba4b3ca7e178ac98e1e09f275400671aa4890535baa0c

    • SSDEEP

      98304:M42JF1gJgj2q/g+8/sT09So2jrgKpW1KySLIfJKGh6G28VVEtXpSKrhwxMH+rt6v:+vil+8/s14/VsIfoB8VV8XHrSz6v

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks