General
Target: 2052-150-0x000001A9BB0E0000-0x000001A9BB0F0000-memory.dmp
Size: 64KB
Sample: 241106-tg9s9sslhy
MD5: 2e511711556c84a5748e2a3c9508f79d
SHA1: 793fd65b8ad3e3ff4d32b2a2a77873cdd2e51d14
SHA256: 38933a739032b6ccbe0e7e21c2a3f68b26c87ec8f89e51701899099443affaf8
SHA512: ac49bf92e5ca38a776b2435eb502a8c04334f76a9d76f68e1c78b6d4edee9506959f840808884a71c17e45822e41b167c40de0a1b33caa8a4bed2775cdf274c7
SSDEEP: 768:8TaTaHaxVq3LgGHk8qZHkvhxST9BeY0FWPG9tM6TOMh+7It:8TaT4a8gykRhWhx69BehFh9tM6TOMIk
Behavioral task: behavioral1
Sample: 2052-150-0x000001A9BB0E0000-0x000001A9BB0F0000-memory.exe
Resource: win7-20240708-en
Malware Config
Extracted: xworm
5.0
6lFXjUqCtT3P20q9
install_file: wintousb.exe
Targets
- Detect Xworm Payload
- Xworm family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2