General
- Target: aa52d2b35d0a5669a54193a76d9fe9e1.exe
- Size: 1.7MB
- Sample: 240107-xxsfpscbgp
- MD5: aa52d2b35d0a5669a54193a76d9fe9e1
- SHA1: 0ba13b228b47c078f172bcac4355aa72a43a80e5
- SHA256: f00978e8456694b3548f25dde8b524ce6e4b0975494849cc35b88ada3f461111
- SHA512: ec8f8f98dd34605c5a9bfa1ba6413531fa7d21f9136da1687581adfd8c839ae12dd077867efde4e5d89ab8687eeca345ad72701567fc9f79a1daca9ff920cc80
- SSDEEP: 49152:IdYddVDK5hUOMQKk1Er1E8dYdQTEdYdknvKZvB4VJZreDVJZre2:NVDQgFOPnvip4VzAVzx
Static task: static1
Behavioral task: behavioral1
- Sample: aa52d2b35d0a5669a54193a76d9fe9e1.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: aa52d2b35d0a5669a54193a76d9fe9e1.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- metasploit
- encoder/call4_dword_xor
Targets
- Target: aa52d2b35d0a5669a54193a76d9fe9e1.exe
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies firewall policy service
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)