Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e79641743707b38c0ed707bf1f465265d58b9aa07097091b9354763d497a4037

  • Size

    1.2MB

  • Sample

    240920-3cz8psthlq

  • MD5

    1dd97a21e2abc11f3989cfe34d6474af

  • SHA1

    e56fee829e0b749bb2aabcc799c7fbe235c1b6ee

  • SHA256

    e79641743707b38c0ed707bf1f465265d58b9aa07097091b9354763d497a4037

  • SHA512

    efc125ae313a7b6026317f22956332a46a7ba8e6709309409720f1950cee6bc7864ddd125ccece26c5c54a9527bd981ec9a9bbb987ad110fd3f958ca4db30a07

  • SSDEEP

    24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvj7NaVAUNkJxzBMa:Lz071uv4BPMkHC0IaAzPSa

Malware Config

Targets

    • Target

      e79641743707b38c0ed707bf1f465265d58b9aa07097091b9354763d497a4037

    • Size

      1.2MB

    • MD5

      1dd97a21e2abc11f3989cfe34d6474af

    • SHA1

      e56fee829e0b749bb2aabcc799c7fbe235c1b6ee

    • SHA256

      e79641743707b38c0ed707bf1f465265d58b9aa07097091b9354763d497a4037

    • SHA512

      efc125ae313a7b6026317f22956332a46a7ba8e6709309409720f1950cee6bc7864ddd125ccece26c5c54a9527bd981ec9a9bbb987ad110fd3f958ca4db30a07

    • SSDEEP

      24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvj7NaVAUNkJxzBMa:Lz071uv4BPMkHC0IaAzPSa

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks