General

  • Target

    f1879599f1fde03fa1f1db46364c2d0ff67e79507094f36b413790fe72159e33

  • Size

    69KB

  • Sample

    221204-brvszseb35

  • MD5

    bc3812883dc8c0dc2e55f8a7aa6fe782

  • SHA1

    cb61c72b438b5f4566c474a262518892521068cb

  • SHA256

    f1879599f1fde03fa1f1db46364c2d0ff67e79507094f36b413790fe72159e33

  • SHA512

    fafad395e94c0d647b00613dc91ddcdfd86ad2d0aa957f0c760330e02eecceb5367b34c4a4e77aef767bd6a059757c1cd83495f50c08c5219a8185ee7ae86cc0

  • SSDEEP

    1536:Fq3ZufbLDnb+Qnu+LKaLrEStwqjWKNaXEl4He2C:s3ZufbnnbdLKWrzjvNaXc2

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      f1879599f1fde03fa1f1db46364c2d0ff67e79507094f36b413790fe72159e33

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks