Analysis
Max time kernel: 147s
Max time network: 139s
Platform: windows10-2004_x64
Resource: win10v2004-20250217-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 28/02/2025, 12:34
Behavioral task: behavioral1
Sample: MasonClient.exe
Resource: win7-20240903-en
Signatures: 5
Duration: 150 seconds
General
Target: MasonClient.exe
Size: 41KB
MD5: ab4e04ec92e45f2877d78094b542b8a4
SHA1: 763692a06de1c997e68189b5375e2a73799f8a38
SHA256: 7a6d79623432c84962f30d5ae00a8f3780068914b931f2e7107239cbaee278e7
SHA512: cba2a79d1e57a6baf5642c06bcc7a58c2e8de5496bd38b51aa157b2adf064a00e78bc309fec3dd809694508661d4512b0eb36d387458621f32a0393d55444e07
SSDEEP: 768:S5yUdByAO99MsmYjrVkQ4yp83ErsQhJOhMeq7:SUP9bm4ZkQ83wbO6eq7
Malware Config (extracted)
Family: xworm
C2:
  127.0.0.1:1417
  abolhb.com:5050
Mutex: 2cjO6NrUsyQquDSI
Attributes:
  install_file: USB.exe
  aes.plain: aes.plain
Signatures

Detect Xworm Payload (2 IoCs)
  resource | yara_rule
  behavioral2/memory/2444-1-0x00000000000D0000-0x00000000000E0000-memory.dmp | family_xworm
  behavioral2/memory/2444-3-0x0000000000A20000-0x0000000000A2E000-memory.dmp | family_xworm

Xworm family

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow | ioc
  35 | raw.githubusercontent.com
  36 | raw.githubusercontent.com

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | process
  Token: SeDebugPrivilege | 2444 | MasonClient.exe