General

  • Target

    ad869f865c93a6cc2927bcdd6e8f2fe0N.exe

  • Size

    1.9MB

  • Sample

    240806-qf2jqatgjc

  • MD5

    ad869f865c93a6cc2927bcdd6e8f2fe0

  • SHA1

    045cc343022f85ca518686108665cb4116cc245a

  • SHA256

    3ff44ce2fff47702c0f24c54d59762efc6cd1898df00a535291f155c72295d8e

  • SHA512

    b8da23af91eb8cb0691231b492c47c47a7a203876ea82e971907c6c06a0b37c1a7dfb5242c69275f58d52fb8cda2639b5d85f17d3b936ec62a262cff9170cb67

  • SSDEEP

    49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VqaWVR:NABn

Malware Config

Targets

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks