General
Target: bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324
Size: 756KB
Sample: 231219-m71vqabdc9
MD5: d7be2192fc7cb22db8a2acdbf4bbdafe
SHA1: 89d97962f8d193fcb91402574046304fbfe2e89f
SHA256: bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324
SHA512: e0da02125907eade276c6489af7bccfae29ab6d07a7936dc59d3fd041d723e2840a57197fea5ba11425c37f6fe0f36570610e13ce2d7ace7823955416de6d799
SSDEEP: 12288:FNpszYhvXWSVJdMae3mUJUTOMsa+0zNOabK3ghMZtc6NS+0Ulk287/k/MjuLle:7hvJVJdMa1+wOmK3gglSjUlkVzuLs
Static task: static1
Behavioral task: behavioral1
Sample: bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: bd85a708785e2644c6e719041bfd53c3ae3f9820ea13f26e0ec08813769a1324.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: metasploit
windows/reverse_tcp
103.116.46.219:25566
218.89.171.148:55472
Extracted: metasploit
encoder/shikata_ga_nai
Targets
Score: 10/10
MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
Manipulates Digital Signatures: Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE