General
-
Target
78a9fe868da68c2b99d031d0e268062d07e5793f37e1a1d7f22eaf69cf2ef645N
-
Size
5.5MB
-
Sample
240927-d6vsmswfjc
-
MD5
dac0102fcb9fb02f7f6291cda42a4030
-
SHA1
c7aa519f4d39962f84e89e386e015925d66784fb
-
SHA256
78a9fe868da68c2b99d031d0e268062d07e5793f37e1a1d7f22eaf69cf2ef645
-
SHA512
053fb5b8309eea2326346eaae3cca3bf4df2f5fb85ba9ab0b314fdb645fe609b8a1a7e85e22e9546a6609b7904584849a22b3ac15805cc7a42000ce9f59c8355
-
SSDEEP
98304:xRjPz9KDzUU8O5/B/LJ25E9SVh86sS3TRknQ3ss2MApp9meypA3cPDu7:xFKoU8O5/b2XViSjX310SeyGc7u7
Static task
static1
Behavioral task
behavioral1
Sample
78a9fe868da68c2b99d031d0e268062d07e5793f37e1a1d7f22eaf69cf2ef645N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
78a9fe868da68c2b99d031d0e268062d07e5793f37e1a1d7f22eaf69cf2ef645N
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-