Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
cmd.exe
-
Size
17.7MB
-
Sample
241108-2zc61svjdr
-
MD5
eda1e5e0db3a2b4039541ef092343bc5
-
SHA1
a1e4baf01801b616c57abf1c53194aec548e925e
-
SHA256
20a2b53fa64b657e9b7ad71389ea2f6062ad5a98d69e77ec6071a573c479f770
-
SHA512
9379c389ce2f79d345e5f1ac79c281749b74e4d47d9490a2cd6d6f4802e6ffdfa0562f86a2b53b26399502abe20ca3500f1d815e098e4f47307612434b6523b4
-
SSDEEP
393216:JcofJHb9LhNy9Ihwu1wChdGKw+6j+XIqaEslSzrwy:JlfBb99NyLUP9NTs7y
Static task
static1
Behavioral task
behavioral1
Sample
cmd.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
cmd.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
cmd.exe
-
Size
17.7MB
-
MD5
eda1e5e0db3a2b4039541ef092343bc5
-
SHA1
a1e4baf01801b616c57abf1c53194aec548e925e
-
SHA256
20a2b53fa64b657e9b7ad71389ea2f6062ad5a98d69e77ec6071a573c479f770
-
SHA512
9379c389ce2f79d345e5f1ac79c281749b74e4d47d9490a2cd6d6f4802e6ffdfa0562f86a2b53b26399502abe20ca3500f1d815e098e4f47307612434b6523b4
-
SSDEEP
393216:JcofJHb9LhNy9Ihwu1wChdGKw+6j+XIqaEslSzrwy:JlfBb99NyLUP9NTs7y
-
Detect Xworm Payload
-
Xworm family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1