General

  • Target

    6a143506d1428a9d5ee2dc9e59bd5846060f3748742c314e2a9b7b7d67177524

  • Size

    253KB

  • Sample

    220919-bakxfshec7

  • MD5

    d72d29e17d55a0f5327ba3b310111f4c

  • SHA1

    b35f60396d2d01c0a1148601143acc1c916668b9

  • SHA256

    6a143506d1428a9d5ee2dc9e59bd5846060f3748742c314e2a9b7b7d67177524

  • SHA512

    49119148ec126a95f1560fd6b6e4c47ef1396bd75862a7210c63b70ce792fd08eac1715df7945a7af46b75c0cd78c460fe9e91e9bee8ac5b1a3c4daeaad8bda3

  • SSDEEP

    6144:7qXm9VZHAHjWm7LABGIwHeM8ce8dqTv7uNAab6xHUN:W2vZHADWVBGISercr0vCAauxHE

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      6a143506d1428a9d5ee2dc9e59bd5846060f3748742c314e2a9b7b7d67177524

    • Size

      253KB

    • MD5

      d72d29e17d55a0f5327ba3b310111f4c

    • SHA1

      b35f60396d2d01c0a1148601143acc1c916668b9

    • SHA256

      6a143506d1428a9d5ee2dc9e59bd5846060f3748742c314e2a9b7b7d67177524

    • SHA512

      49119148ec126a95f1560fd6b6e4c47ef1396bd75862a7210c63b70ce792fd08eac1715df7945a7af46b75c0cd78c460fe9e91e9bee8ac5b1a3c4daeaad8bda3

    • SSDEEP

      6144:7qXm9VZHAHjWm7LABGIwHeM8ce8dqTv7uNAab6xHUN:W2vZHADWVBGISercr0vCAauxHE

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks