General

  • Target

    007376899.doc

  • Size

    44KB

  • Sample

    230525-pjbxssad7x

  • MD5

    608d39b18b489fa10792a8de9352159c

  • SHA1

    d1032109625af32b329e32a255212253467ebe91

  • SHA256

    3185876cb0717e3d8d6afadc8cbb2d439ad01cc3f4e172936b0d0ebc398c082c

  • SHA512

    8c036416d4bda2cd3c422dcf20aa3d3479fc8423b75ccf4ee0f8e32307a4060423cbef08a94d9e21a6ef101dafb0fd889530b6a226ce86d8b535b8d61dbeff72

  • SSDEEP

    384:JN3vsOiShav9M18m01y/6mqfoQh5khMP+BQaiPi6r84Ph4igyVkjM50j013t:J+9AP/bu5K3iPi6J7Hkj4j1

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    52.14.18.129:10324

Targets

    • Target

      007376899.doc

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
