General
Target: efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8
Size: 556KB
Sample: 221003-asrbhsadgl
MD5: 31f540d71dc2736cbb800cff43614e5b
SHA1: 9030a350e82b54227bcacf87fe288a9e8494644a
SHA256: efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8
SHA512: 66f07dce6fbf0645f6d191173d75213f321ba4a74fd148742a03965646391b21233a867be21a34b9015876d0ff1b4177900936e05b5e1da27fedf6a387ff0471
SSDEEP: 12288:ecfgt23uT0QxsTPWXgFcG5jl7fwe91ngYdDsJyeqTWmhdnh:eugk3uw0sTPWQtjl7fwK1nBmyT
Static task: static1
Behavioral task: behavioral1
  Sample: efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: metasploit
Encoder: encoder/call4_dword_xor
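The extracted config identifies the Metasploit call4_dword_xor encoder. The Python below is an added example, not tria.ge's extractor and not Metasploit's own encoder or decoder code. It relies on the one property of that encoder that matters for recovery: every 4-byte block of the payload is XORed with the same 32-bit key and there is no feedback between blocks, so a single known plaintext dword yields the key. The known-plaintext value `fc e8 82 00` (the `cld; call` opening of the classic Metasploit x86 block_api stager), the toy payload and the key are assumptions constructed for the example; other payloads start differently and would need a different known head.

```python
"""Recover and decode a call4_dword_xor-style payload (added example).

Not tria.ge's extractor nor Metasploit's encoder; it implements only the
encoder's cipher: XOR of each little-endian dword with one fixed key.
All sample data below is constructed for the example.
"""
import struct
from typing import Optional, Tuple

# Assumed known plaintext: cld; call +0x82, the opening of the classic
# Metasploit x86 block_api stager. Other payloads need a different head.
STAGER_HEAD = b"\xfc\xe8\x82\x00"


def pad4(data: bytes) -> bytes:
    """Zero-pad to a multiple of 4, as the encoder does before encoding."""
    return data + b"\x00" * (-len(data) % 4)


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian dword with `key`. Symmetric: encodes and decodes."""
    data = pad4(data)
    return b"".join(struct.pack("<I", d ^ key) for (d,) in struct.iter_unpack("<I", data))


def recover_key(encoded: bytes, known_head: bytes = STAGER_HEAD) -> int:
    """Known-plaintext attack: with no feedback, key = ciphertext0 ^ plaintext0."""
    (c0,) = struct.unpack_from("<I", encoded, 0)
    (p0,) = struct.unpack("<I", known_head)
    return c0 ^ p0


def looks_like_stager(buf: bytes) -> bool:
    """Structural sanity check: cld; call rel32 whose target lies inside the buffer."""
    if len(buf) < 6 or buf[:2] != b"\xfc\xe8":
        return False
    disp = struct.unpack_from("<i", buf, 2)[0]
    target = 6 + disp  # call is at offset 0 and is 6 bytes long with the cld
    return 0 <= target <= len(buf)


def decode(encoded: bytes, known_head: bytes = STAGER_HEAD) -> Optional[Tuple[int, bytes]]:
    """Return (key, plaintext) or None when the guessed head does not produce a plausible stager."""
    key = recover_key(encoded, known_head)
    plain = xor_dwords(encoded, key)
    if not looks_like_stager(plain):
        return None
    return key, plain


# Constructed sample: a 140-byte toy "payload" with the assumed head, a NOP sled
# covering the call displacement, and a tail, encoded under an arbitrary key.
TOY_PAYLOAD = b"\xfc\xe8\x82\x00\x00\x00" + b"\x90" * 0x82 + b"\x31\xc0\xc3\xcc"
TOY_KEY = 0x1B2A3C4D
ENCODED = xor_dwords(TOY_PAYLOAD, TOY_KEY)


if __name__ == "__main__":
    result = decode(ENCODED)
    if result is None:
        print("no plausible stager under the assumed head")
    else:
        key, plain = result
        print(f"key=0x{key:08x} head={plain[:6].hex()} ok={plain == TOY_PAYLOAD}")
```

If the head guess is wrong (for instance a stager built with a different call displacement), the recovered key is off in exactly the bytes that differ and `decode` returns None rather than a silently corrupted payload; try the other known heads in turn.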
Targets
Target: efae6470c5edb1cae4a29b9a2585282891a81f2fcfff1f4341b1d2d31d33bea8 (size and hashes as listed under General)
Score: 10/10
- MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; probing for its registry keys is an analysis-environment check.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread's debug events from being reported to an attached debugger, a common anti-debugging technique.
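The three behavioural signatures above can be reproduced from an API trace. The Python below is an added example, not tria.ge's signature definitions, and the trace it runs over is constructed for the example rather than taken from this sample. The event format (one dict per monitored call with `api`, `path` and `args` fields), the file name under System32 and the set of APIs each rule inspects are assumptions; the ThreadHideFromDebugger class value 0x11 and the `Software\Wine` key used for Wine fingerprinting are standard.

```python
"""Match behavioural signatures against an API trace (added example).

Not tria.ge's rules. Event format is assumed: one dict per monitored call,
with "api", optional "path" and optional "args". Trace data is constructed.
"""
from typing import Any, Callable, Dict, Iterable, Set

Event = Dict[str, Any]

# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# Registry path fragment Wine exposes and that environment checks look for.
WINE_KEY_MARKER = "\\software\\wine"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

REGISTRY_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "NtOpenKey", "RegQueryValueExW"}
FILE_CREATE_APIS = {"CreateFileA", "CreateFileW", "NtCreateFile"}


def is_wine_registry_probe(ev: Event) -> bool:
    """A registry open/query whose key path contains Software\\Wine."""
    if ev.get("api") not in REGISTRY_APIS:
        return False
    return WINE_KEY_MARKER in str(ev.get("path", "")).lower()


def is_hide_from_debugger(ev: Event) -> bool:
    """NtSetInformationThread with ThreadInformationClass == ThreadHideFromDebugger."""
    if ev.get("api") != "NtSetInformationThread":
        return False
    return ev.get("args", {}).get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER


def is_system32_drop(ev: Event) -> bool:
    """A file created or opened for writing under C:\\Windows\\System32."""
    if ev.get("api") not in FILE_CREATE_APIS:
        return False
    path = str(ev.get("path", "")).lower()
    access = str(ev.get("args", {}).get("access", "")).upper()
    return path.startswith(SYSTEM32_PREFIX) and "WRITE" in access


SIGNATURES: Dict[str, Callable[[Event], bool]] = {
    "Identifies Wine through registry keys": is_wine_registry_probe,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": is_hide_from_debugger,
    "Drops file in System32 directory": is_system32_drop,
}


def match_signatures(events: Iterable[Event]) -> Set[str]:
    """Names of every signature that fires on at least one event."""
    events = list(events)
    return {name for name, rule in SIGNATURES.items() if any(rule(ev) for ev in events)}


# Constructed trace: one event per signature plus a benign file read.
TRACE = [
    {"api": "RegOpenKeyExW", "path": "HKEY_CURRENT_USER\\Software\\Wine", "args": {"access": "KEY_READ"}},
    {"api": "NtSetInformationThread", "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x11}},
    {"api": "CreateFileW", "path": "C:\\Windows\\System32\\svc_update.dat", "args": {"access": "GENERIC_WRITE"}},
    {"api": "CreateFileW", "path": "C:\\Users\\user\\Desktop\\notes.txt", "args": {"access": "GENERIC_READ"}},
]
BENIGN_TRACE = [TRACE[3]]


if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE)):
        print("hit:", name)
```

The ThreadHideFromDebugger rule keys on the information class rather than the API name alone, since NtSetInformationThread is also used for benign purposes (priority, affinity); the System32 rule requires write access so that reads of system DLLs from that directory do not fire it.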