General

  • Target

    3e6ad3e0120a9b8881884abd51f2241a17a004deb38a8e734a6972a6bc9bfafd

  • Size

    2.0MB

  • Sample

    240703-zm678awhnq

  • MD5

    32212570dc60682063620f5d4672bccc

  • SHA1

    91c021d594c203104775269bbe01b89a9e8b573e

  • SHA256

    3e6ad3e0120a9b8881884abd51f2241a17a004deb38a8e734a6972a6bc9bfafd

  • SHA512

    a3ee0fbbf0d6174173d85167424a8b4b20f3e49c0a30ed0cb2c56a89afb49ff95a1974210db765240f4811b9775f093d02846c09801733bbe557212e2850fd95

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SIhmHJlp/:NABI

Targets

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
