General

  • Target

    67c1c756bf985b3c0f4f3fb7ff90d010N.exe

  • Size

    1.8MB

  • Sample

    240722-f3rb6a1brp

  • MD5

    67c1c756bf985b3c0f4f3fb7ff90d010

  • SHA1

    e0ddac56e4551455a1c3c663a122deefcda79ad0

  • SHA256

    4ea61deb03187f0a209f9d79245298155b8ba276876b8efc323390fbaf5ba7eb

  • SHA512

    d5124be6cbbdfeb5fd3c711f996cb3873df287cad13a93710543ad937cb03aa2c8ce18b9d0811f5de6236aaff3117f5570d3ed62fab2bec73c77afb85dd406f2

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkFfkeMlNIZbElhzBXeCnfJCwCc4MAKFpMlyapbhcy9:Lz071uv4BPMkFfdgIZohteLM0hj9dNvf

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks