Resubmissions
24/08/2024, 17:55
240824-wheevsscrc 10

General
Target: C11Executor23.exe
Size: 527KB
Sample: 240824-wheevsscrc
MD5: 0ffa58adb9ae31cb401b933d52034066
SHA1: 310a52338ae3aa6c13ae03243bf4d47941b26731
SHA256: ec67ac05b583618699ce3813ded3f4e6b2e321c6e6714565b1810ffeb0caa361
SHA512: 2d8ea7646ca58710110585776a16b558e13568a42f71c56ced6110901e9fdf127f8ca2d2a598675005d6176caf827da6f90791c3b5a11235819f5f5d08e9ef10
SSDEEP: 12288:G2TdgrOb9yGtn4yOH05wCU36pw5Htbh9D:GYiro430wH64N19

Behavioral task: behavioral1
Sample: C11Executor23.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: C11Executor23.exe
Resource: win10v2004-20240802-en

Malware Config
Targets
Target: C11Executor23.exe
Score: 10/10

Detect Xworm Payload

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Drops startup file

Adds Run key to start application

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)