Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

37b5b3a304...08.exe

windows7-x64

10

37b5b3a304...08.exe

windows10-2004-x64

10

37d3fcd505...96.exe

windows7-x64

1

37d3fcd505...96.exe

windows10-2004-x64

1

37e1fc1ec8...90.exe

windows7-x64

10

37e1fc1ec8...90.exe

windows10-2004-x64

10

3806b87b25...f8.exe

windows7-x64

8

3806b87b25...f8.exe

windows10-2004-x64

8

3834ae494a...cf.exe

windows7-x64

10

3834ae494a...cf.exe

windows10-2004-x64

10

385f35ff50...3c.exe

windows7-x64

7

385f35ff50...3c.exe

windows10-2004-x64

7

38e8b4b129...cf.exe

windows7-x64

10

38e8b4b129...cf.exe

windows10-2004-x64

7

38f5cbcb2f...a0.exe

windows7-x64

10

38f5cbcb2f...a0.exe

windows10-2004-x64

10

38fa74b5c6...d1.exe

windows7-x64

10

38fa74b5c6...d1.exe

windows10-2004-x64

10

3925d50ec0...52.exe

windows7-x64

10

3925d50ec0...52.exe

windows10-2004-x64

10

3941105d7c...e6.exe

windows7-x64

10

3941105d7c...e6.exe

windows10-2004-x64

7

394f64ff5b...3e.exe

windows7-x64

10

394f64ff5b...3e.exe

windows10-2004-x64

10

39813551d3...ec.exe

windows7-x64

10

39813551d3...ec.exe

windows10-2004-x64

10

398d0de7a9...9d.exe

windows7-x64

1

398d0de7a9...9d.exe

windows10-2004-x64

1

39a387cb5e...2f.exe

windows7-x64

8

39a387cb5e...2f.exe

windows10-2004-x64

8

39a7f02d9e...aa.exe

windows7-x64

8

39a7f02d9e...aa.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37b5b3a3044b6d582546b772fa8cee08.exe

  • Size

    41KB

  • MD5

    37b5b3a3044b6d582546b772fa8cee08

  • SHA1

    976fe55af8260423d47d07859655eafb46aee11f

  • SHA256

    45474924043bbf73569c9efb1273c22d37ce780eb8f53c5e8836e62c0b78abc5

  • SHA512

    34e9cf859769d2f0f0c0a83bad045b5392ac120e942040a9d9827b5dc80b4f27e4bf328628e542b28c1c1d2a13e9d07f5caa2ddc2f9f199498e89e38dd567f64

  • SSDEEP

    768:bHzZwCyfrD6QdI9Efsq2xFPw9b20h6sOuh5Pe1rpU:nC9vtdI2SFY9q0h6sOuz2rpU

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

127.0.0.1:51521

santifzm-51521.portmap.host:51521
Mutex

b72MvNSRMPJDN4rw

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37b5b3a3044b6d582546b772fa8cee08.exe
    "C:\Users\Admin\AppData\Local\Temp\37b5b3a3044b6d582546b772fa8cee08.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-0-0x000007FEF6033000-0x000007FEF6034000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1992-1-0x0000000001210000-0x0000000001220000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1992-2-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1992-3-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1992-4-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

    Filesize

    9.9MB

    Download