General

  • Target

    03c35e1ee1b0bf6340cdb45773c9fd3e

  • Size

    524KB

  • Sample

    231229-zq16dacbb4

  • MD5

    03c35e1ee1b0bf6340cdb45773c9fd3e

  • SHA1

    1338fb2e480eb7a42cc6e299948583012c48cad5

  • SHA256

    67e07368739819c893c0752d8dc1bc0c1f87764a711f18ceb9507162644a9393

  • SHA512

    36ed40208275a2e13704cd73ab61a58f1f5deb02d80e91c3840a8836b6070228ebdf0c017955a84912aaa64a14511f3032468e3c648b64f9db13af79d77fcad4

  • SSDEEP

    12288:JI0As/dcwf0e/GQAPCqtKbFeEFk88ho1RFR25Au14qsYBKBgMVkJoQg:W0F1cwfR/4tYk8HxR25+TYki1JoQg

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks