General

  • Target: 0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
  • Size: 110KB
  • Sample: 221010-3m1xzsedgp
  • MD5: 7bffef60b33c169ac328c60c2f6737dd
  • SHA1: 704336b8ed363d4fd23eada2ad33af7d0e76bc7c
  • SHA256: 0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
  • SHA512: 5877f5c6a818b38b54516f0445276f4afddf774a2257f07c48b457656313d4648a24a6ed520c3789aa5fc0c0647c69d9a00cacafa6df6b353e6b6fb0ee1fc8a1
  • SSDEEP: 3072:AOTaDTUUJ511F6lmed2iFRtWP5DWRsfSh4RMW:fT8oUvWmedVRuqRTW

Malware Config

Extracted

Family: metasploit

Version: encoder/call4_dword_xor

Targets

    • Target: 0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • UAC bypass
    • Adds policy Run key to start application
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6