Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/06/2024, 00:39

General

  • Target

    61c13f3ffe72a28918f37099868ca108850e9eec62f77bfbadc4f14a715341be.exe

  • Size

    72KB

  • MD5

    df4ee4ac3dc60c6fa0686fd07e08a7ea

  • SHA1

    f940a74da4670739474c651e3a4a38583a0b9eba

  • SHA256

    61c13f3ffe72a28918f37099868ca108850e9eec62f77bfbadc4f14a715341be

  • SHA512

    76f3c858c6e4e4b38aeab67e4f48f9cc5cded3cfde81da9ff0ea6fc35d2d6004448281f5eb2be25765c7b11f7f2fe0092318d27b5d2b7524759e80856cabfd35

  • SSDEEP

    1536:IpGkEmG1ft56ly3dtc0bFUH4MTYMb+KR0Nc8QsJq39:M1E71fKI3dtc0bmYte0Nc8QsC9

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

193.168.44.55:4455

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Processes

  • C:\Users\Admin\AppData\Local\Temp\61c13f3ffe72a28918f37099868ca108850e9eec62f77bfbadc4f14a715341be.exe
    "C:\Users\Admin\AppData\Local\Temp\61c13f3ffe72a28918f37099868ca108850e9eec62f77bfbadc4f14a715341be.exe"
    1⤵
      PID:4548

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4548-0-0x0000000000560000-0x0000000000561000-memory.dmp

      Filesize

      4KB