Behavioral task
behavioral1
Sample
20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe
Resource
win7-20241010-en
General
Target: 20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe
Size: 53KB
MD5: bea6f99060a151da90864ae96d3d1a95
SHA1: 745cc417a866b7328f4e397b5a1eb879c6a192e4
SHA256: 20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019
SHA512: 0ec8e220ff4eae964415c4eb3ec556825332c2b53dbf3fd8e9700ec32ee16436fdedb21d1d45dbe84bea1c884adc1329eada55c401ee280c3ba99c4137cf0652
SSDEEP: 768:EDotFM9Bohu4E30IqCHCThyhnJNf+VkbrC3OQITiYUkegOOh9fttp:hNu45CHmyhbSkbG+BiuOORtp
Malware Config
Extracted
xworm
127.0.0.1:52794
tcp://tannerdontplay-52794.portmap.host:52794:52794
install_file: USB.exe
Signatures
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe
Files
20428817e336776e739fd2dafec5cd45e2b7c8ffabbbc840ac0fa2ce26b55019.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ