Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Launcher.exe

  • Size

    5.1MB

  • Sample

    240712-sc86ha1blb

  • MD5

    4fe98ba44e242b415dd4a8b8ce3f8e27

  • SHA1

    26b410ddefb59a478c7f61d6177ac7e917a98087

  • SHA256

    a923d8121f36eb7f81efdf2331e4cefe9034453071b80215f93b56e55a19ccaa

  • SHA512

    175b4635f26d3d7427a4c49dc14b10dd050cb11998a069b731f182b4acc0778f0bbee797f1d5763eb2f88c17a012bbfae5fe3b5995367b3a7bbd10b774cdb497

  • SSDEEP

    98304:UQ1N+4GEmF1sYAbLC+MZHTL3wufv6wrreMUj1iy4x74/bAV6Io:BHAsYAb2+KL3aWrv6Qy4F4cV69

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      5.1MB

    • MD5

      4fe98ba44e242b415dd4a8b8ce3f8e27

    • SHA1

      26b410ddefb59a478c7f61d6177ac7e917a98087

    • SHA256

      a923d8121f36eb7f81efdf2331e4cefe9034453071b80215f93b56e55a19ccaa

    • SHA512

      175b4635f26d3d7427a4c49dc14b10dd050cb11998a069b731f182b4acc0778f0bbee797f1d5763eb2f88c17a012bbfae5fe3b5995367b3a7bbd10b774cdb497

    • SSDEEP

      98304:UQ1N+4GEmF1sYAbLC+MZHTL3wufv6wrreMUj1iy4x74/bAV6Io:BHAsYAb2+KL3aWrv6Qy4F4cV69

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks