Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
08/03/2025, 18:23
General
-
Target
New folder/XWorm V3.0.exe
-
Size
7.1MB
-
MD5
71b0bb52ae4137c3e40dc802711e2acc
-
SHA1
e154869a5725806c2b12866479be8cf326d52116
-
SHA256
d1b0cb76d6ff1e54e5669cc3ba76ba6224be19e721cc61a9e223a596a9bb332f
-
SHA512
eea4513a347d9b2a5ee700388c34d9677869702384128b57e3299cff277b585fd713f4b44830c79da2b74ecc138d99c8aec9b4757d9dda6d3fa475a1dfdb6588
-
SSDEEP
196608:rJNE1b0RkLZvaU6ScXc4sqgCzlMNxKa+M9:rJt4vKSoiqgASNUP
Score
7/10
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\New folder\XWorm V3.0.exe"C:\Users\Admin\AppData\Local\Temp\New folder\XWorm V3.0.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
7.2MB
-
Filesize
9.9MB
-
Filesize
11.1MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB