General

  • Target

    1f55469c3f411e773cfc817ada68421343bd21bdb9ba9b99904ba759e3bd7232

  • Size

    2.7MB

  • Sample

    240916-x9fyfawdkl

  • MD5

    cb774bd4732de28267dacc87b5539a4f

  • SHA1

    9ca2a8cee0b3e63a382a3086246213ade2b8a1b4

  • SHA256

    1f55469c3f411e773cfc817ada68421343bd21bdb9ba9b99904ba759e3bd7232

  • SHA512

    a2b0820fbf244d565a1b5c1307845769650867f0630060d6c084c2ad9279ec1b4ab54d29b7f7c551c7a1b365cda94c7ece24db98b1d770223cc5137ea55d9990

  • SSDEEP

    49152:1ZB1G8YSDQZfyI6jfYdZFSzqDm5qDYho6QADT5zFl5uy55Sl/HgIc9Cg03TGjytg:P3GTZfe+bSaCqkR5uy7qHgh1eTGgHA

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.106.131:1111

Targets

    • Target

      1f55469c3f411e773cfc817ada68421343bd21bdb9ba9b99904ba759e3bd7232

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks