
General

  • Target: ced3c02a87991cb0112d9b4a7d73e0f00c9a8791de01da3e36e57e4cbd0644da
  • Size: 2.6MB
  • Sample: 240708-2cbdxavbma
  • MD5: 2ca30af5c55fea6eb038cbb655a1676c
  • SHA1: a701d9464df02d1467b2a72557160c7b548206d5
  • SHA256: ced3c02a87991cb0112d9b4a7d73e0f00c9a8791de01da3e36e57e4cbd0644da
  • SHA512: fd7f6ae26c87724cff8eda2ae1d655fc0ab433a003989d187215bf7e48ebc5343c30a8accd2aa5ed98df0141a1502eb84ce5c04a9df223970fe4297168ee3e1c
  • SSDEEP: 12288:LJKxMQJjOyjk0OpGiGkHnYoLXFgHAVXqlxcXqkQ9Y7otV94QHN72u16MoCWaGTvH:sMCFdeLy4QHZH1jFWhXwM

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/fnstenv_mov

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Modifies security service
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
