General

  • Target

    xworm.exe

  • Size

    227KB

  • Sample

    240820-s3ygpazeja

  • MD5

    f25ef9e7998ae6d7db70c919b1d9636b

  • SHA1

    572146d53d0d7b3c912bc6a24f458d67b77a53fe

  • SHA256

    7face24db4aa43220ebc4d3afb6c739307f8b653c686b829fb1cb6091695c113

  • SHA512

    d8682cdb5876f9ffe6aa8856d5ffa8c168afd25fc927781d80d129491fa04aabf045f01d13ffb51e3db9773367cc00fce466e1ef7af11bfc3d7af13df06cc17c

  • SSDEEP

    6144:YdAfHWAy5hne6jlVg1jCYRCuAOm6Tw8ym:Yqf7y5he6DkQutw8ym

Targets

    • Blocklisted process makes network request

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Suspicious use of SetThreadContext
