metasploit | 0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0d0bb4cd30...88.exe

windows7-x64

3

0d0bb4cd30...88.exe

windows10-2004-x64

Sharing

General

Target

0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
Size

110KB
Sample

221010-3m1xzsedgp
MD5

7bffef60b33c169ac328c60c2f6737dd
SHA1

704336b8ed363d4fd23eada2ad33af7d0e76bc7c
SHA256

0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
SHA512

5877f5c6a818b38b54516f0445276f4afddf774a2257f07c48b457656313d4648a24a6ed520c3789aa5fc0c0647c69d9a00cacafa6df6b353e6b6fb0ee1fc8a1
SSDEEP

3072:AOTaDTUUJ511F6lmed2iFRtWP5DWRsfSh4RMW:fT8oUvWmedVRuqRTW

Score

10^/10

metasploit backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388.exe

Resource

win10v2004-20220812-en

metasploit backdoor evasion persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
- Size
  
  110KB
- MD5
  
  7bffef60b33c169ac328c60c2f6737dd
- SHA1
  
  704336b8ed363d4fd23eada2ad33af7d0e76bc7c
- SHA256
  
  0d0bb4cd3080ed4a39743d57010f04213f45413e13c7133549114383b47a7388
- SHA512
  
  5877f5c6a818b38b54516f0445276f4afddf774a2257f07c48b457656313d4648a24a6ed520c3789aa5fc0c0647c69d9a00cacafa6df6b353e6b6fb0ee1fc8a1
- SSDEEP
  
  3072:AOTaDTUUJ511F6lmed2iFRtWP5DWRsfSh4RMW:fT8oUvWmedVRuqRTW
Score

10^/10

metasploit backdoor evasion persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoorevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy