Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
nursultan by batchgx.exe
-
Size
31KB
-
Sample
240928-y8f3gsxhkc
-
MD5
e769f83e9296311f3a8499b34819afc3
-
SHA1
d70fddf8da48795ad84aa4fa75d681a1e2b06b9f
-
SHA256
f0e916dd6769b273107a1b0ae92099825116083fe3a3e502e5582fac159046a3
-
SHA512
c4749b93e9b8cff355f3fb79b2855c0558734887c606f8b4ac07b58d590323896d5e97c9e6aea58b7fe6d7f3ea375a6f9ec214fd25a646504693e62aada943ec
-
SSDEEP
384:RWrVqCDweO/ace/VgFpLJPgwDs2ETIiJ5R+gtFqBLTiZw/WNCvK9IkVuwxOjhf/:ZzT55ePJ5ZFr9RdOjhf/3vY
Behavioral task
behavioral1
Sample
nursultan by batchgx.exe
Resource
win11-20240802-en
Malware Config
Extracted
xworm
3.1
budget-compiled.gl.at.ply.gg:61672
clIqiypuJSXeSvTO
-
Install_directory
%AppData%
-
install_file
USB.exe
Targets
-
-
Target
nursultan by batchgx.exe
-
Size
31KB
-
MD5
e769f83e9296311f3a8499b34819afc3
-
SHA1
d70fddf8da48795ad84aa4fa75d681a1e2b06b9f
-
SHA256
f0e916dd6769b273107a1b0ae92099825116083fe3a3e502e5582fac159046a3
-
SHA512
c4749b93e9b8cff355f3fb79b2855c0558734887c606f8b4ac07b58d590323896d5e97c9e6aea58b7fe6d7f3ea375a6f9ec214fd25a646504693e62aada943ec
-
SSDEEP
384:RWrVqCDweO/ace/VgFpLJPgwDs2ETIiJ5R+gtFqBLTiZw/WNCvK9IkVuwxOjhf/:ZzT55ePJ5ZFr9RdOjhf/3vY
Score10/10-
Detect Xworm Payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-