General
-
Target
1f4d55b98a31413eb6ec577ac192dc53
-
Size
4.5MB
-
Sample
231225-bhcaaaghd8
-
MD5
1f4d55b98a31413eb6ec577ac192dc53
-
SHA1
1a798dc46efbfa02acc451999111717619023a5c
-
SHA256
b8409cd4c76480d62bb3abe797d9509dbdc2f6170dd065661ee86cc8fa19c95f
-
SHA512
eec08fed3b7aa0de3e7da0a71715da918fc57faa83f600a699d7846d53d68b4521d111f33fb1d665116a0dfe543b9ff3e4517e2c5a9cbb16521823d967e21208
-
SSDEEP
98304:nbHEpjqA1gg36zN2tMXsAdAV9Rl5FVo1cS4V9sNxOegkMn:nolqGE2tAS9NFVrV3UxOeMn
Static task
static1
Behavioral task
behavioral1
Sample
1f4d55b98a31413eb6ec577ac192dc53.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1f4d55b98a31413eb6ec577ac192dc53.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
metasploit
windows/single_exec
Targets
-
Glupteba payload
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)