Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9e59f7de57b8e831aed3f568e7ab8c90N.exe

  • Size

    1.5MB

  • Sample

    240806-nzpm6ayaqr

  • MD5

    9e59f7de57b8e831aed3f568e7ab8c90

  • SHA1

    4204b8361a9904531beaee1fa928d56f862f9367

  • SHA256

    27f606b4db33412fcdb69061bc508fdf8d8944ea110d474e5af8b901eb8d1584

  • SHA512

    e140f89189d108dd61fd40250bbab2f51618f936c0db7937fafdcc1a7dc0e0ac38f60ed9ae61a107353bef2fe15c51be603369e0ae5324e0a16e777c756a6f4a

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYsfLGrAvWWXkCV+1MKTbcMfHhGg:Lz071uv4BPMkibTIA5sf6r+WVc2HhG8d

Malware Config

Targets

    • Target

      9e59f7de57b8e831aed3f568e7ab8c90N.exe

    • Size

      1.5MB

    • MD5

      9e59f7de57b8e831aed3f568e7ab8c90

    • SHA1

      4204b8361a9904531beaee1fa928d56f862f9367

    • SHA256

      27f606b4db33412fcdb69061bc508fdf8d8944ea110d474e5af8b901eb8d1584

    • SHA512

      e140f89189d108dd61fd40250bbab2f51618f936c0db7937fafdcc1a7dc0e0ac38f60ed9ae61a107353bef2fe15c51be603369e0ae5324e0a16e777c756a6f4a

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYsfLGrAvWWXkCV+1MKTbcMfHhGg:Lz071uv4BPMkibTIA5sf6r+WVc2HhG8d

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks