General

  • Target

    cfdec725a493e23102e3f3ce6babbbc5260c4d399c6d9e1c8083720e4552cb07

  • Size

    246KB

  • Sample

    220919-x7yqgaebb4

  • MD5

    86e86de84654b601872d9abb44b61ca3

  • SHA1

    4a24163c53453e02480972d1ea19d14ca4b5fd56

  • SHA256

    cfdec725a493e23102e3f3ce6babbbc5260c4d399c6d9e1c8083720e4552cb07

  • SHA512

    cc1cdf14ffc346fe1317afa01803fb99e94b76e1955927d6e17e7c8077294db590586f82db93ddb04a1488b1a1cf6f08930d9e991f3a225fd3f7a83cc8b0bf79

  • SSDEEP

    3072:1U+VOoH6DX8xotADcUj9+lB2CoLIeh8oWRFQ81JShGtx1Y0btryX1BIeA7f/SU+Y:JH6z8hNaBVoLIjobAA0xy0ZylBY7HZP

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks