General

  • Target

    efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8

  • Size

    556KB

  • Sample

    221003-asrbhsadgl

  • MD5

    31f540d71dc2736cbb800cff43614e5b

  • SHA1

    9030a350e82b54227bcacf87fe288a9e8494644a

  • SHA256

    efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8

  • SHA512

    66f07dce6fbf0645f6d191173d75213f321ba4a74fd148742a03965646391b21233a867be21a34b9015876d0ff1b4177900936e05b5e1da27fedf6a387ff0471

  • SSDEEP

    12288:ecfgt23uT0QxsTPWXgFcG5jl7fwe91ngYdDsJyeqTWmhdnh:eugk3uw0sTPWQtjl7fwK1nBmyT

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks