General

  • Target

    7668f27b796eb41c245cdf2b91c317c0N.exe

  • Size

    2.0MB

  • Sample

    240805-ljkm6asdmk

  • MD5

    7668f27b796eb41c245cdf2b91c317c0

  • SHA1

    3d34de99146f53d949afe524014742af45f7e6dc

  • SHA256

    8f36cb30c604cdbb70db2681ef0f845c08389cb563fc7f33471866d983e7baa6

  • SHA512

    bdfc5cf86e0830547ebe2cff933fd634fe0d920db2ff5b544bb58776a08c93a76cbb2e4070bf26cfe99e0dfe07bb612207516d4623ef756af209f211c8dc6bc5

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vqxz/:NABH

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Legitimate hosting services abused for malware hosting/C2
