General

  • Target

    55736222120fbe5b3939dc66bdbbb6d107c20a7aee368c5e97388f75b682500e

  • Size

    3.0MB

  • Sample

    240614-1hkn4a1bnl

  • MD5

    a95de94fed0c75a3a3f9a15ad14755bc

  • SHA1

    3d28710013ddd70ca03d3e49777777a8abc14320

  • SHA256

    55736222120fbe5b3939dc66bdbbb6d107c20a7aee368c5e97388f75b682500e

  • SHA512

    2388a7e308d073878a7a62894a67653f5c3cae4bb0f5b0dcd44e33c48d4592996725698dfbd99720435c6d59bb41db8a1fe5f772f7b259534b3138eef3a1e2ae

  • SSDEEP

    49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/w16BvZ+In:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rh

Malware Config

Targets

    • Target

      55736222120fbe5b3939dc66bdbbb6d107c20a7aee368c5e97388f75b682500e

    • Size

      3.0MB

    • MD5

      a95de94fed0c75a3a3f9a15ad14755bc

    • SHA1

      3d28710013ddd70ca03d3e49777777a8abc14320

    • SHA256

      55736222120fbe5b3939dc66bdbbb6d107c20a7aee368c5e97388f75b682500e

    • SHA512

      2388a7e308d073878a7a62894a67653f5c3cae4bb0f5b0dcd44e33c48d4592996725698dfbd99720435c6d59bb41db8a1fe5f772f7b259534b3138eef3a1e2ae

    • SSDEEP

      49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/w16BvZ+In:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rh

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Detects executables containing URLs to raw contents of a Github gist

    • UPX dump on OEP (original entry point)

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks