Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

crmupgrade.exe

windows7-x64

10

crmupgrade.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    crmupgrade.exe

  • Size

    72KB

  • Sample

    240418-lpjytaaf8s

  • MD5

    134b5f62ed49e2303cbd41a4d7320361

  • SHA1

    1a1d6590ff7693b74d9087c32eb43f828307aa5a

  • SHA256

    8a14915fac57616e42690463a7553d3de1f7c0aede6d446632661e6a47818f00

  • SHA512

    642189f5dbdf5ea3fcbdd47f1a2f7123b216f26b0b555094ae809012626d57fb11a2dd932c82c2aff8192b5177626bc0aacc84449577de1c3f18f6b65f6330ab

  • SSDEEP

    1536:IqicVCAPk6ERM6/Az2aWc8AMMb+KR0Nc8QsJq39:kcVCmMctMe0Nc8QsC9

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

3.84.34.113:53

Targets

    • Target

      crmupgrade.exe

    • Size

      72KB

    • MD5

      134b5f62ed49e2303cbd41a4d7320361

    • SHA1

      1a1d6590ff7693b74d9087c32eb43f828307aa5a

    • SHA256

      8a14915fac57616e42690463a7553d3de1f7c0aede6d446632661e6a47818f00

    • SHA512

      642189f5dbdf5ea3fcbdd47f1a2f7123b216f26b0b555094ae809012626d57fb11a2dd932c82c2aff8192b5177626bc0aacc84449577de1c3f18f6b65f6330ab

    • SSDEEP

      1536:IqicVCAPk6ERM6/Az2aWc8AMMb+KR0Nc8QsJq39:kcVCmMctMe0Nc8QsC9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks