General
- Target: SecuriteInfo.com.Win32.CrypterX-gen.13041.27911.exe
- Size: 165KB
- Sample: 240708-srwhysvfrm
- MD5: 56781772c92e1822beec9faee18fadc9
- SHA1: 889af8e28ecda1df1e79c1f4abe533959b29a9db
- SHA256: 4f0a6b89e63437c52a7adf09a15950b3ba5b9d1d7c8791a8559721ae24875894
- SHA512: 7a46f160e3881578c8991ed07a746696738eb994b8f161796ef87081d1d6345927149f168197300750862564b672abaf522db193aa43d980aeef2abd115a460f
- SSDEEP: 3072:jJLNXOgUQ4IiNpjhmD/Sc11y5Td0Cfq/UVwE7wQWLc:NLNXXUki1mTUmH
Static task
- static1
Behavioral tasks
- behavioral1: SecuriteInfo.com.Win32.CrypterX-gen.13041.27911.exe, resource win7-20240704-en
- behavioral2: SecuriteInfo.com.Win32.CrypterX-gen.13041.27911.exe, resource win10v2004-20240704-en
Malware Config
Extracted
- Family: tofsee
- C2 domains: vanaheim.cn, jotunheim.name
Targets
- Target: SecuriteInfo.com.Win32.CrypterX-gen.13041.27911.exe (165KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Signatures observed for this target:
  - Creates new service(s)
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence
  - Deletes itself
  - Executes dropped EXE
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
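The signature list above describes a chain a hunter can look for outside the sandbox: a file dropped into System32, a service whose ImagePath points at it, firewall changes (registry or netsh), a NetSh helper registration, the original dropper deleted by a child cmd.exe, and an IP-echo lookup from the new service process. The following is an added example, not part of the Triage report or of any Hatching tooling. It runs those checks over constructed Sysmon-like records; every path, PID, service name and hostname in the sample events is invented, the IP-echo host list is an assumption, and the ATT&CK IDs beyond the three the report maps are my own usual mappings.

```python
"""Hunt for the service/firewall/self-delete chain listed in the report.

Added example, not part of the Triage report. The events below are constructed,
Sysmon-like records (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistrySet,
22 DnsQuery); every path, PID, service name and hostname in them is invented.
"""
import re
from collections import defaultdict

# Registry and command-line patterns behind the report's signatures.
SERVICE_IMAGEPATH = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)\\ImagePath$",
    re.IGNORECASE)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
NETSH_HELPER = re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\NetSh\\", re.IGNORECASE)
FIREWALL_POLICY = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
FIREWALL_CMD = re.compile(r"\b(?:advfirewall|firewall)\b", re.IGNORECASE)
SELF_DELETE = re.compile(r'\bdel\b\s+"?(?P<path>[A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)
# Assumed list of IP-echo services; extend it from your own proxy logs.
IP_ECHO_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# ATT&CK IDs: the first three are the ones the report maps; the rest are the
# usual mappings for those behaviours and are my additions, not the report's.
TECH = {
    "Sets service image path in registry": "T1543.003",
    "Adds Run key": "T1547.001",
    "Registers Netsh helper DLL": "T1546.007",
    "Modifies Windows Firewall": "T1562.004",
    "Deletes itself": "T1070.004",
    "Looks up external IP address via web service": "T1016",
    "Drops file in System32 directory": None,
}


def hunt(events):
    """Return (pid, signature, technique, evidence) tuples, in event order."""
    findings = []
    dropped = set()   # lowercase System32 paths written by any monitored process
    images = {}       # pid -> image path, so a child's "del" can be tied to its parent
    for e in events:
        eid, pid, image = e["id"], e["pid"], e["image"]
        images.setdefault(pid, image)
        if eid == 11 and SYSTEM32.match(e["target"]):
            dropped.add(e["target"].lower())
            sig = "Drops file in System32 directory"
            findings.append((pid, sig, TECH[sig], e["target"]))
        elif eid == 13:
            tgt, val = e["target"], e.get("details", "")
            m = SERVICE_IMAGEPATH.match(tgt)
            if m:
                sig = "Sets service image path in registry"
                note = "points at a dropped file" if val.lower() in dropped else "ImagePath set"
                findings.append((pid, sig, TECH[sig], f"{m.group(1)} -> {val} ({note})"))
            elif RUN_KEY.search(tgt):
                sig = "Adds Run key"
                findings.append((pid, sig, TECH[sig], f"{tgt} = {val}"))
            elif NETSH_HELPER.match(tgt):
                sig = "Registers Netsh helper DLL"
                findings.append((pid, sig, TECH[sig], f"{tgt} = {val}"))
            elif FIREWALL_POLICY.search(tgt):
                sig = "Modifies Windows Firewall"
                findings.append((pid, sig, TECH[sig], tgt))
        elif eid == 1:
            cmd = e.get("cmd", "")
            # netsh is attributed to the parent: that is the process that wanted the rule.
            if image.lower().endswith("\\netsh.exe") and FIREWALL_CMD.search(cmd):
                sig = "Modifies Windows Firewall"
                findings.append((e.get("ppid", pid), sig, TECH[sig], cmd))
            m = SELF_DELETE.search(cmd)
            parent = images.get(e.get("ppid"))
            if m and parent and m.group("path").lower() == parent.lower():
                sig = "Deletes itself"
                findings.append((e["ppid"], sig, TECH[sig], cmd))
        elif eid == 22 and e.get("query", "").lower() in IP_ECHO_HOSTS:
            sig = "Looks up external IP address via web service"
            findings.append((pid, sig, TECH[sig], e["query"]))
    return findings


def summarize(findings):
    """Group distinct signatures by pid so one process's chain reads as a story."""
    by_pid = defaultdict(set)
    for pid, sig, _tech, _evidence in findings:
        by_pid[pid].add(sig)
    return {pid: sorted(sigs) for pid, sigs in by_pid.items()}


# Constructed telemetry (invented values): a dropper (pid 4100) writes a service
# binary into System32, registers it, opens the firewall, registers a NetSh
# helper, deletes itself via cmd.exe, and the service (pid 4400) looks up its IP.
DROPPER = r"C:\Users\u\Desktop\dropper.exe"
SERVICE_EXE = r"C:\Windows\System32\qhbdxuzb.exe"
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4100, "image": DROPPER, "cmd": DROPPER},
    {"id": 11, "pid": 4100, "image": DROPPER, "target": SERVICE_EXE},
    {"id": 13, "pid": 4100, "image": DROPPER,
     "target": r"HKLM\System\CurrentControlSet\Services\qhbdxuzb\ImagePath", "details": SERVICE_EXE},
    {"id": 13, "pid": 4100, "image": DROPPER,
     "target": r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
               r"\StandardProfile\AuthorizedApplications\List\C:\Windows\System32\qhbdxuzb.exe",
     "details": SERVICE_EXE + ":*:Enabled:qhbdxuzb"},
    {"id": 13, "pid": 4100, "image": DROPPER,
     "target": r"HKLM\SOFTWARE\Microsoft\NetSh\qhbdxuzb", "details": r"C:\Windows\System32\qhbdxuzb.dll"},
    {"id": 1, "pid": 4200, "ppid": 4100, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": r'netsh advfirewall firewall add rule name="qhbdxuzb" dir=in action=allow program="' + SERVICE_EXE + '"'},
    {"id": 1, "pid": 4300, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c del "' + DROPPER + '"'},
    {"id": 1, "pid": 4400, "ppid": 600, "image": SERVICE_EXE, "cmd": SERVICE_EXE},
    {"id": 22, "pid": 4400, "image": SERVICE_EXE, "query": "api.ipify.org"},
    # Benign noise that must not fire: a DHCP value write and an informational netsh call.
    {"id": 13, "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DhcpIPAddress", "details": "10.0.0.5"},
    {"id": 1, "pid": 910, "ppid": 800, "image": r"C:\Windows\System32\netsh.exe", "cmd": "netsh interface show interface"},
]

if __name__ == "__main__":
    for pid, sig, tech, evidence in hunt(SAMPLE_EVENTS):
        print(f"pid {pid}: {sig} [{tech}] {evidence}")
```

Two of the report's signatures are deliberately absent from the rules: the geofence check reads Control Panel\International\Geo\Nation, and Sysmon does not log registry reads, so that needs EDR or a sandbox; the SetThreadContext injection likewise only shows up in API-level telemetry. Treat the output as a triage lead for a Tofsee-like chain on an endpoint, not a classifier.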
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 2 hits: Windows Service (T1543.003), 2 hits
- Event Triggered Execution (T1546), 1 hit: Netsh Helper DLL (T1546.007), 1 hit
Privilege Escalation
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 2 hits: Windows Service (T1543.003), 2 hits
- Event Triggered Execution (T1546), 1 hit: Netsh Helper DLL (T1546.007), 1 hit
The Privilege Escalation rows are the same three sub-techniques counted again: ATT&CK lists each of them under both tactics, so they do not indicate additional behaviour beyond the Persistence findings.