Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4aecacc803e54cc06db8e3a84e910d5376f58867e2436eb68a19a9c203043bd2.exe
-
Size
1.4MB
-
Sample
241013-vqtn3sxgng
-
MD5
3dcc9cfed0a716b6ad3c4f4aaf1a1f46
-
SHA1
e512e9a92247439ca3bbb8e412ec46f191025b41
-
SHA256
4aecacc803e54cc06db8e3a84e910d5376f58867e2436eb68a19a9c203043bd2
-
SHA512
9400b6f93ea25a644be656d2a1d9d3ba7a44ba2abdeb2140e6428fcdd4ba198216628c094602684744de2293bcbfe7e323c6ad74e4d7c6e16c77b66d1f65666c
-
SSDEEP
24576:bvx5AU4Cte393UvHQbyGDfa1HSiSvcXKF41oVMz8f9ShSpwRs6MmgBXzAnPcWJ+G:bvPJ4Ue1IweVpSiGIec8Pr6MmgBX3H0g
Static task
static1
Behavioral task
behavioral1
Sample
4aecacc803e54cc06db8e3a84e910d5376f58867e2436eb68a19a9c203043bd2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4aecacc803e54cc06db8e3a84e910d5376f58867e2436eb68a19a9c203043bd2.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xworm
5.0
authors-reflections.gl.at.ply.gg:19578
QxbISg5F4EKZB8tq
-
Install_directory
%AppData%
-
install_file
edge.exe
Targets
-
-
Target
4aecacc803e54cc06db8e3a84e910d5376f58867e2436eb68a19a9c203043bd2.exe
-
Size
1.4MB
-
MD5
3dcc9cfed0a716b6ad3c4f4aaf1a1f46
-
SHA1
e512e9a92247439ca3bbb8e412ec46f191025b41
-
SHA256
4aecacc803e54cc06db8e3a84e910d5376f58867e2436eb68a19a9c203043bd2
-
SHA512
9400b6f93ea25a644be656d2a1d9d3ba7a44ba2abdeb2140e6428fcdd4ba198216628c094602684744de2293bcbfe7e323c6ad74e4d7c6e16c77b66d1f65666c
-
SSDEEP
24576:bvx5AU4Cte393UvHQbyGDfa1HSiSvcXKF41oVMz8f9ShSpwRs6MmgBXzAnPcWJ+G:bvPJ4Ue1IweVpSiGIec8Pr6MmgBX3H0g
Score10/10-
Detect Xworm Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1