General

  • Target

    3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8

  • Size

    100KB

  • Sample

    221121-sxh5tafe87

  • MD5

    0a211a2cb79a221b59cd53fa159350d2

  • SHA1

    9b34a62a248514dc64c1d91a0edb52fe29028a86

  • SHA256

    3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8

  • SHA512

    805c6c788a6cdac984278494c53e73c586f01902c9e1b5e5a5b89208ba9f710d378a97b861ba0ef19cebe3719cb93207792a9f495d23c91a15898339075859b0

  • SSDEEP

    1536:25zsDNdr46AqK/b7xMdIi8stfIEtJxPKWgd8kNycHWf:+67K/b1Qf86xPk8kscHWf

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor (the name of the Metasploit x86 encoder module that wraps the payload, not a framework version number; the payload is XOR-decoded in place, one dword at a time, by a short stub prepended to it)

Targets

    • Target

      3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
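
The report only names the encoder. To turn that into something a practitioner can act on, here is an added example (it is not part of the tria.ge report and not Metasploit's own code) that locates the x86/call4_dword_xor decoder stub in a file and recovers the payload behind it. The stub layout follows Metasploit's published decoder: `xor ecx,ecx; sub ecx,-N; call $+4; inc eax; pop esi; xor dword [esi+0x0e],key; sub esi,-4; loop`, where N is the dword count and the key is a fixed 4-byte value, so decoding is a plain XOR of each dword with that key. The sample payload, key and surrounding bytes are constructed for the round trip and are not shellcode; the zero padding to a dword boundary is this example's choice. The `STUB_HEX_PATTERN` string is the same stub written as a hex pattern you could drop into a YARA rule.

```python
"""Locate Metasploit x86/call4_dword_xor decoder stubs and recover the payload.

Added example, not code from tria.ge or Metasploit. Stub layout follows the
encoder's published decoder; the sample payload and key below are constructed.
"""
import re
import struct

STUB_LEN = 24  # bytes from 'xor ecx, ecx' through 'loop'; the payload follows

# The two variable fields: the negated dword count (imm8 of 'sub ecx, -N')
# and the 4-byte XOR key.
STUB_RE = re.compile(
    rb"\x31\xc9"            # xor  ecx, ecx
    rb"\x83\xe9(.)"         # sub  ecx, -N      ; N = dwords to decode
    rb"\xe8\xff\xff\xff"    # call $+4          ; returns into its own last 0xff
    rb"\xff\xc0"            # inc  eax          ; harmless, executed from that 0xff
    rb"\x5e"                # pop  esi          ; esi -> the 0xc0 byte
    rb"\x81\x76\x0e(....)"  # xor  dword [esi+0x0e], key ; [esi+14] = payload
    rb"\x83\xee\xfc"        # sub  esi, -4      ; advance to the next dword
    rb"\xe2\xf4",           # loop back to the xor until ecx hits zero
    re.DOTALL,
)

# Same stub as a hex pattern, usable in a YARA rule's strings section.
STUB_HEX_PATTERN = "31 C9 83 E9 ?? E8 FF FF FF FF C0 5E 81 76 0E ?? ?? ?? ?? 83 EE FC E2 F4"


def xor_dwords(data: bytes, key: bytes) -> bytes:
    """XOR dword-aligned data with a fixed 4-byte key (the stub's whole decode step)."""
    if len(key) != 4 or len(data) % 4:
        raise ValueError("data must be dword-aligned and key exactly 4 bytes")
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def build_stub(payload_len: int, key: bytes) -> bytes:
    """Emit the 24-byte decoder stub for a payload of payload_len bytes."""
    n = (payload_len - 1) // 4 + 1  # dword count, as the encoder computes it
    if not 1 <= n <= 128:
        # 'sub ecx, imm8' sign-extends the immediate, so -N only fits for N <= 128
        raise ValueError("payload too large for an imm8 dword count")
    return (b"\x31\xc9" + b"\x83\xe9" + struct.pack("b", -n)
            + b"\xe8\xff\xff\xff" + b"\xff\xc0" + b"\x5e"
            + b"\x81\x76\x0e" + key + b"\x83\xee\xfc" + b"\xe2\xf4")


def encode(payload: bytes, key: bytes) -> bytes:
    """Stub + XOR-encoded payload; zero padding to a dword boundary is this example's choice."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    return build_stub(len(padded), key) + xor_dwords(padded, key)


def find_and_decode(blob: bytes) -> list:
    """Return one dict per stub found: offset, key, dword count and decoded payload."""
    hits = []
    for m in STUB_RE.finditer(blob):
        n = (-m.group(1)[0]) & 0xFF  # undo the negation in 'sub ecx, -N'
        key = m.group(2)
        enc = blob[m.end(): m.end() + 4 * n]
        if len(enc) != 4 * n:  # stub claims more bytes than remain: truncated sample
            continue
        hits.append({"offset": m.start(), "key": key, "dwords": n,
                     "payload": xor_dwords(enc, key)})
    return hits


# Constructed sample (assumption, not real shellcode): bytes to round-trip.
SAMPLE_KEY = b"\xde\xad\xbe\xef"
SAMPLE_PAYLOAD = b"\xcc" * 4 + b"ADDED-EXAMPLE-NOT-REAL-SHELLCODE"
SAMPLE_BLOB = b"\x00" * 12 + encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\x00" * 8

if __name__ == "__main__":
    for hit in find_and_decode(SAMPLE_BLOB):
        print(f"stub @ {hit['offset']:#x} key={hit['key'].hex()} dwords={hit['dwords']}")
        print("decoded payload:", hit["payload"])
```

Run it against a real sample by replacing `SAMPLE_BLOB` with the file's bytes; the decoded payload is what you then hand to a disassembler or to the Metasploit payload config extractor. Because the key is static and sits at a fixed offset in the stub, the 24-byte pattern itself is a reliable hunting signature even before any decoding is attempted.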

MITRE ATT&CK Enterprise v6

Tasks