Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/03/2024, 15:10
Static task: static1
Behavioral task: behavioral1
- Sample: b9083ead1fdc81269658a0442dff49fb.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b9083ead1fdc81269658a0442dff49fb.exe
- Resource: win10v2004-20240226-en
General
- Target: b9083ead1fdc81269658a0442dff49fb.exe
- Size: 29.7MB
- MD5: b9083ead1fdc81269658a0442dff49fb
- SHA1: baa1c6ce87d4d76c064e73092e9181c8077d4f80
- SHA256: ba739a3d29ccde2021633e2fba2269e2b97b3e232c2eb1af9b98f1dc44d1c45d
- SHA512: 39363f9d96ada4e7560f69767ced220dc4953d3aa0a86d90bc5a440e2d60064c137eb877b8f977ecc06a222af634c9f3bd99c2bc1ccbcade7bb067b0ea38c425
- SSDEEP: 786432:s3K9PPIR4mQfn287Yfvszax3uwR1CeNRgushjsoWUWKgGk5fk:wKBq4mQf28c2ax3Z7gZhjZWUWKgx5k
Malware Config
Extracted: metasploit
- encoder/shikata_ga_nai
Extracted: metasploit
- windows/reverse_tcp
- 10.21.208.201:4444
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Executes dropped EXE (1 IoC)
  pid: 3396, Process: b9083ead1fdc81269658a0442dff49fb.tmp
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4948 wrote to memory of 3396; pid: 4948; Process: b9083ead1fdc81269658a0442dff49fb.exe; procid_target: 92
  description: PID 4948 wrote to memory of 3396; pid: 4948; Process: b9083ead1fdc81269658a0442dff49fb.exe; procid_target: 92
  description: PID 4948 wrote to memory of 3396; pid: 4948; Process: b9083ead1fdc81269658a0442dff49fb.exe; procid_target: 92
Processes
- C:\Users\Admin\AppData\Local\Temp\b9083ead1fdc81269658a0442dff49fb.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b9083ead1fdc81269658a0442dff49fb.exe"
  PID: 4948
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-EKBK6.tmp\b9083ead1fdc81269658a0442dff49fb.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-EKBK6.tmp\b9083ead1fdc81269658a0442dff49fb.tmp" /SL5="$130226,30377125,784384,C:\Users\Admin\AppData\Local\Temp\b9083ead1fdc81269658a0442dff49fb.exe"
    PID: 3396
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.5MB
  MD5: 9f187b725e106f652cf03386e2dbe8b8
  SHA1: b91069b36addea73f9cf736da74b838652254b22
  SHA256: f763782d8b335afe19531efeb9f6dc49dd0cf500db78114f24b73b73150ad9c0
  SHA512: 354709fd04fc4a7064fce982786d35d4d0bf3f49874bb57b634fb6306e1e0df81b772b257a3bb72a5b5756d29e208d3952cfbe7cdad31eefee42f307cef83dd1