General
- Target: ce1b63640a790ae744465f4da7af75d0N.exe
- Size: 5.3MB
- Sample: 240913-c614zszgkf
- MD5: ce1b63640a790ae744465f4da7af75d0
- SHA1: dde7e919e329826d2bc0d2ff4ba01005ba48c52d
- SHA256: d4c216bab338d7fa68e1b13e9eb4d63dc2360fd7403527834e6a4aed4fbfaf40
- SHA512: aee4591fd5c0c477f577416a35ba2080cbb2d482efc5d5fc509761054495316cd41f6f97a30c999de36f6f5cda7a5d093add244d2e0a9b6210d152bd8793e741
- SSDEEP: 98304:34Gr/W2hRkTwVNt6MkTi+XAVd18EjU6+cVX6IwUu:3jr/TMwVNtaP4KEjl6S
Static task: static1
Behavioral task: behavioral1
- Sample: ce1b63640a790ae744465f4da7af75d0N.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: ce1b63640a790ae744465f4da7af75d0N.exe (5.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as in the General section above)
Signatures
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Power Settings. powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext