Analysis
max time kernel: 113s
max time network: 103s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 14/06/2023, 09:44
Static task: static1
Behavioral task: behavioral1
  Sample: 38.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 38.exe
  Resource: win10v2004-20230220-en
General
Target: 38.exe
Size: 23KB
MD5: 0066fb1a86e5848ca5e043e252b3a040
SHA1: cc39431161e86a93362f335ab39e6ca5f0a238b7
SHA256: 9688f68fdce40e34f18156a1f3ce894b863ae8ea80c516b9ba92799bf1533e42
SHA512: a101a538af759bd14203745e26ee98d2023ebb7039d5dec9068f75119ed1dba0f6b1758ab94e0c18899def479188789347ebbf8c14d19675697fdd47d13dce3c
SSDEEP: 384:QCCdmp4rCmTRmGJCfjnlfXGXaX7zycBFCiaVVdITODeSzWxCisRtZRFjq8DrVC3C:QCCyMR3JCrGccd1eYPv7Znjb0Gt
Malware Config
Extracted
  Family: metasploit
  Payload: windows/shell_reverse_tcp
  Connect-back address: 91.240.118.207:8080
Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Checks BIOS information in registry (2 TTPs, 1 IoC)
BIOS information is often read in order to detect sandboxing environments.
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | 38.exe

Checks processor information in registry (2 TTPs, 6 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | 38.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | 38.exe

Enumerates system info in registry (2 TTPs, 4 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSMajorRelease | 38.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSMinorRelease | 38.exe