Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

88bc7b6a62...00.exe

windows7-x64

7

88bc7b6a62...00.exe

windows10-2004-x64

7

88cdf3a075...59.exe

windows7-x64

10

88cdf3a075...59.exe

windows10-2004-x64

10

89000a0d00...5b.exe

windows7-x64

10

89000a0d00...5b.exe

windows10-2004-x64

10

89270d6b49...b4.exe

windows7-x64

1

89270d6b49...b4.exe

windows10-2004-x64

1

892ac0ac36...51.exe

windows7-x64

8

892ac0ac36...51.exe

windows10-2004-x64

8

894b900bb7...92.exe

windows7-x64

8

894b900bb7...92.exe

windows10-2004-x64

8

896493118e...17.exe

windows7-x64

10

896493118e...17.exe

windows10-2004-x64

10

89652cefa9...84.exe

windows7-x64

3

89652cefa9...84.exe

windows10-2004-x64

10

897255af35...03.exe

windows7-x64

10

897255af35...03.exe

windows10-2004-x64

10

897b60be56...d4.exe

windows7-x64

6

897b60be56...d4.exe

windows10-2004-x64

6

89a1a21003...9d.exe

windows7-x64

3

89a1a21003...9d.exe

windows10-2004-x64

3

89ed231ad6...9a.exe

windows7-x64

10

89ed231ad6...9a.exe

windows10-2004-x64

10

8a4e1b5c29...83.exe

windows7-x64

10

8a4e1b5c29...83.exe

windows10-2004-x64

10

8a7ce080bb...ba.exe

windows7-x64

10

8a7ce080bb...ba.exe

windows10-2004-x64

10

8aa071d8cc...3d.exe

windows7-x64

7

8aa071d8cc...3d.exe

windows10-2004-x64

7

8acb86332d...4c.exe

windows7-x64

10

8acb86332d...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/03/2025, 06:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a7ce080bb43fc3edf2ddf3b300355ba.exe

  • Size

    45KB

  • MD5

    8a7ce080bb43fc3edf2ddf3b300355ba

  • SHA1

    3ec6ff2a02bce64cba006a78eea26a45d6e6069b

  • SHA256

    63effa621775c12ecdc162c446ff991027e7cae0f9c95d072d2b4648e1787611

  • SHA512

    3fad178c4cf054becb8e192c0c9d4286f92fc6b47791c370b1492d4434e6388d47af3617059517ee4c526e9e2a570d79a7c042755511554a45e5d4b4ea99d0c3

  • SSDEEP

    768:XJmGUxoBZyRCi0Vvxf7jCNZsorQF+t9eGIJ6iOChZbVgjT:5mjoBQs/VwWFw9fs6iOCXVG

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

sqpNukyZ801PsE3K

Attributes
  • Install_directory

    %AppData%

  • install_file

    Startup.exe

  • pastebin_url

    https://pastebin.com/raw/7PqSDzWd

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a7ce080bb43fc3edf2ddf3b300355ba.exe
    "C:\Users\Admin\AppData\Local\Temp\8a7ce080bb43fc3edf2ddf3b300355ba.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5164-0-0x00007FF981F73000-0x00007FF981F75000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5164-1-0x0000000000820000-0x0000000000832000-memory.dmp

    Filesize

    72KB

    Download

  • memory/5164-2-0x00007FF981F70000-0x00007FF982A31000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5164-3-0x00007FF981F70000-0x00007FF982A31000-memory.dmp

    Filesize

    10.8MB

    Download