General
-
Target
5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950N
-
Size
2.6MB
-
Sample
241106-z2bpvsxkey
-
MD5
ea05c6995e79aae43764232ef54421f0
-
SHA1
8b6c4ec447bac2dddda3cd217fb694167999f845
-
SHA256
5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950
-
SHA512
e8c93c4d0c019ad8240dafe38e178346f334a9274faec09affc344cbd89d88761ad38531a309ca50068e995b4619f8be65d1acf91ee1565262be33ebce8f9556
-
SSDEEP
24576:Z5UPamUFkoXq5W3CQutB4a3R+Bolg0n1SIO/WmnlmSjviIGLnr5UekMl2:Z54amUuoXKOsB49l0nwI7mRGLdmMs
Static task
static1
Behavioral task
behavioral1
Sample
5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xworm
5.0
lJwpD1fBYJSaarUE
-
Install_directory
%Public%
-
install_file
Windows Security Health Host.exe
-
pastebin_url
https://pastebin.com/raw/nV1XKCv3
Targets
-
Target
5e2867075ab2ebe3b5d8b1648edabbf490a04ffc7de8808af20ae7729bc78950N
-
Score
10/10
-
Detect Xworm Payload
-
Xworm family
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-