General

  • Target

    cac7aabcf8785e719ec620c14653e427fe5f7ee500083b35a9675c6df71ec888

  • Size

    259KB

  • Sample

    221201-v85t3afg8t

  • MD5

    dc5960e94932cddb25a0118729234ec4

  • SHA1

    2615246d4d3832e0a1ad2bd8825300ae8153a14f

  • SHA256

    cac7aabcf8785e719ec620c14653e427fe5f7ee500083b35a9675c6df71ec888

  • SHA512

    604cda59a9758e8a35814bb6100f6be4f51d645e83ec9e269c8c29233de0cf90ea22f5eb2245bc8918a4506c47e32556ae2185456532d47abcf476115abeee33

  • SSDEEP

    3072:ybfupze+Lo2RuB/1fYlQHqzx806EhafJtRXpWOvB66EMxZkbw8eFLZBbsUYVayOl:4Oe+RR+NFKzDheL8gxqbbeFT

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
