Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09/03/2024, 12:43
Static task: static1
Behavioral task: behavioral1
  Sample: bbd668fff3810c88a70f686b2ee7da99.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bbd668fff3810c88a70f686b2ee7da99.exe
  Resource: win10v2004-20240226-en
General
Target: bbd668fff3810c88a70f686b2ee7da99.exe
Size: 76KB
MD5: bbd668fff3810c88a70f686b2ee7da99
SHA1: 61e37acd8a82b56999304eadee10b6cbefcb483f
SHA256: b8589503320a67959d07b0742e4023bafb203435cd89afc76b4b56a1f8f6d2f5
SHA512: 16bfe81d5bf775d694ac887c65ea556f2ec56d429e0556a0565e391ca3f20ceeb6efba21955e09bdea38cff8419dd846fb719cc648333b7b2e53ab9d1ebf5fab
SSDEEP: 768:4NC7Rhm+7N7CjjwLWjACf275yrulwa6DOlfuX3J:4NC798j0LWjAWIgolGnJ
Malware Config
Extracted
metasploit
windows/single_exec
Signatures
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1964 wrote to memory of 1936 | 1964 | bbd668fff3810c88a70f686b2ee7da99.exe | 29
PID 1964 wrote to memory of 1936 | 1964 | bbd668fff3810c88a70f686b2ee7da99.exe | 29
PID 1964 wrote to memory of 1936 | 1964 | bbd668fff3810c88a70f686b2ee7da99.exe | 29
PID 1964 wrote to memory of 1936 | 1964 | bbd668fff3810c88a70f686b2ee7da99.exe | 29