Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478.exe
-
Size
5.1MB
-
Sample
240528-rcdh6agc7v
-
MD5
3f7e36fa14bafefea46398ba14dd7e75
-
SHA1
856e0d0bcfb5f69fc9cf389a87aad6261b984e2b
-
SHA256
490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478
-
SHA512
9e107931cb63ce707e292c559b19be032820ae394fb89eae6747f9ae7328f8257017b4c70ead2fe5a2dba4b3ca7e178ac98e1e09f275400671aa4890535baa0c
-
SSDEEP
98304:M42JF1gJgj2q/g+8/sT09So2jrgKpW1KySLIfJKGh6G28VVEtXpSKrhwxMH+rt6v:+vil+8/s14/VsIfoB8VV8XHrSz6v
Static task
static1
Behavioral task
behavioral1
Sample
490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478.exe
-
Size
5.1MB
-
MD5
3f7e36fa14bafefea46398ba14dd7e75
-
SHA1
856e0d0bcfb5f69fc9cf389a87aad6261b984e2b
-
SHA256
490a5522aeaf111abdbe2eaf8dec0ffd81a687c395dad12ddcb8a6616c7c7478
-
SHA512
9e107931cb63ce707e292c559b19be032820ae394fb89eae6747f9ae7328f8257017b4c70ead2fe5a2dba4b3ca7e178ac98e1e09f275400671aa4890535baa0c
-
SSDEEP
98304:M42JF1gJgj2q/g+8/sT09So2jrgKpW1KySLIfJKGh6G28VVEtXpSKrhwxMH+rt6v:+vil+8/s14/VsIfoB8VV8XHrSz6v
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-