Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1dabe1d636...25.exe

windows7-x64

10

1dabe1d636...25.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 00:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1dabe1d6365a69240cc665e70cda4725.exe

  • Size

    1.0MB

  • MD5

    1dabe1d6365a69240cc665e70cda4725

  • SHA1

    442c421432cb782e4286c310c184707fa9efbf22

  • SHA256

    7bf404fe1bb92df0c7ae61277bc6f64d8762ee12f7ad548eb3162e98af912c2d

  • SHA512

    048931d2cb3dc0cf18196ef1c326ddcb4d4ff43f210570ef5977ba259fd2885de01ce434b80b259410642eb79967648235c570d97ba42a2571274e5b6df3cbf0

  • SSDEEP

    24576:ElgtHhqdaSb8wQaAfiz+uo6hsE2FwzOQyOXHYrh5z5O71PEbHO:E6tHodaYiaQPuoPGU3IRPEa

Score
10/10
metasploitbackdoorevasiontrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Drops file in Drivers directory 2 IoCs
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dabe1d6365a69240cc665e70cda4725.exe
    "C:\Users\Admin\AppData\Local\Temp\1dabe1d6365a69240cc665e70cda4725.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3016-0-0x0000000000400000-0x000000000068A000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3016-4-0x0000000004180000-0x0000000004181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-3-0x0000000004230000-0x0000000004231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-2-0x0000000004140000-0x0000000004142000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3016-1-0x0000000000400000-0x000000000068A000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3016-9-0x0000000004260000-0x0000000004261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-10-0x0000000004250000-0x0000000004252000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3016-8-0x0000000004150000-0x0000000004151000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-5-0x00000000041C0000-0x00000000041C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-11-0x0000000000400000-0x000000000068A000-memory.dmp

    Filesize

    2.5MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.