General

  • Target: 8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302
  • Size: 3.3MB
  • Sample: 240818-3c54ys1amf
  • MD5: f7cfdb674df05992c5c7de2779c455d9
  • SHA1: ee537d50e9c6d72983311d717428f761adb79072
  • SHA256: 8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302
  • SHA512: 3d6fa1152d1efe44f62ba41cd8a7bf7c492498ef4c60460df427defb5b1efa537a816a4497d76e4fb2348089fbf889c172af0d177a35403d4be578663ea878ce
  • SSDEEP: 98304:W1GO/iat+Z5EUvQA/L4QzGJX+TnSEwTbeSMqfI:W8OKatQEYQ8jqXWnyTvfI

Malware Config

Extracted

  • Family: metasploit
  • Version: metasploit_stager
  • C2: 192.168.40.128:9999

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks