Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b9083ead1f...fb.exe

windows7-x64

10

b9083ead1f...fb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9083ead1fdc81269658a0442dff49fb.exe

  • Size

    29.7MB

  • MD5

    b9083ead1fdc81269658a0442dff49fb

  • SHA1

    baa1c6ce87d4d76c064e73092e9181c8077d4f80

  • SHA256

    ba739a3d29ccde2021633e2fba2269e2b97b3e232c2eb1af9b98f1dc44d1c45d

  • SHA512

    39363f9d96ada4e7560f69767ced220dc4953d3aa0a86d90bc5a440e2d60064c137eb877b8f977ecc06a222af634c9f3bd99c2bc1ccbcade7bb067b0ea38c425

  • SSDEEP

    786432:s3K9PPIR4mQfn287Yfvszax3uwR1CeNRgushjsoWUWKgGk5fk:wKBq4mQf28c2ax3Z7gZhjZWUWKgx5k

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.21.208.201:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9083ead1fdc81269658a0442dff49fb.exe
    "C:\Users\Admin\AppData\Local\Temp\b9083ead1fdc81269658a0442dff49fb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\is-JKCAG.tmp\b9083ead1fdc81269658a0442dff49fb.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JKCAG.tmp\b9083ead1fdc81269658a0442dff49fb.tmp" /SL5="$80022,30377125,784384,C:\Users\Admin\AppData\Local\Temp\b9083ead1fdc81269658a0442dff49fb.exe"
      2⤵
      • Executes dropped EXE
      PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-JKCAG.tmp\b9083ead1fdc81269658a0442dff49fb.tmp
    Filesize

    2.5MB

    MD5

    9f187b725e106f652cf03386e2dbe8b8

    SHA1

    b91069b36addea73f9cf736da74b838652254b22

    SHA256

    f763782d8b335afe19531efeb9f6dc49dd0cf500db78114f24b73b73150ad9c0

    SHA512

    354709fd04fc4a7064fce982786d35d4d0bf3f49874bb57b634fb6306e1e0df81b772b257a3bb72a5b5756d29e208d3952cfbe7cdad31eefee42f307cef83dd1

    Download Submit

  • memory/1072-10-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1072-13-0x0000000000400000-0x0000000000688000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1072-17-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-3-0x0000000000400000-0x00000000021BE000-memory.dmp

    Filesize

    29.7MB

    Download

  • memory/2240-12-0x0000000000400000-0x00000000021BE000-memory.dmp

    Filesize

    29.7MB

    Download

  • memory/2240-15-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download