General
- Target: Launcher.exe
- Size: 5.1MB
- Sample: 240712-sc86ha1blb
- MD5: 4fe98ba44e242b415dd4a8b8ce3f8e27
- SHA1: 26b410ddefb59a478c7f61d6177ac7e917a98087
- SHA256: a923d8121f36eb7f81efdf2331e4cefe9034453071b80215f93b56e55a19ccaa
- SHA512: 175b4635f26d3d7427a4c49dc14b10dd050cb11998a069b731f182b4acc0778f0bbee797f1d5763eb2f88c17a012bbfae5fe3b5995367b3a7bbd10b774cdb497
- SSDEEP: 98304:UQ1N+4GEmF1sYAbLC+MZHTL3wufv6wrreMUj1iy4x74/bAV6Io:BHAsYAb2+KL3aWrv6Qy4F4cV69
Static task: static1
Malware Config
Targets
- Target: Launcher.exe
- Size: 5.1MB
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext