General

  • Target

    dc685713843da5bfcbfcc289456d2d9430cbdff9108a8d01b4759728cc5d813e

  • Size

    1.7MB

  • Sample

    250318-pcpkbawlw8

  • MD5

    7026ed6db478e504b8a3bcc554c32a87

  • SHA1

    1951ab06af8da8f2b0c33f7b221b0cb95d33250a

  • SHA256

    dc685713843da5bfcbfcc289456d2d9430cbdff9108a8d01b4759728cc5d813e

  • SHA512

    ad5fbf1d6aeb823bee4cdb0245579e98dfad23ef886c69840da73e5b8ed5636975e0ddb16004d335397f3d234ec33ec1e7de111d41294c1b46d58f3e5154d48d

  • SSDEEP

    24576:pilxhO8efwEYKcCXP+IrOOVjiSM39ey/XBPtkr//G5JGU6Nz/MdZOPSlL:UlU+KX+eOGjeYYxPtk/syEoPSl

Malware Config

Targets

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes miners.

    • Loaderbot family

    • Xmrig family

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • XMRig Miner payload

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Cryptocurrency Miner

      Makes network request to known mining pool URL.

    • Drops startup file

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15