Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
106s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23/11/2024, 23:09
Static task
static1
Behavioral task
behavioral1
Sample
b4800ab02486aeae26a0b40b2cf11ecb5237198f4d1384032ca7b507dea19dc5.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
b4800ab02486aeae26a0b40b2cf11ecb5237198f4d1384032ca7b507dea19dc5.exe
Resource
win10v2004-20241007-en
General
-
Target
b4800ab02486aeae26a0b40b2cf11ecb5237198f4d1384032ca7b507dea19dc5.exe
-
Size
1.1MB
-
MD5
065c18c0302274dfa9a323baf0e07103
-
SHA1
083800087096c6630e2c3278a949d94eb59669c8
-
SHA256
b4800ab02486aeae26a0b40b2cf11ecb5237198f4d1384032ca7b507dea19dc5
-
SHA512
0fc32f7a7e5060d747d44cd0ec716dc7546a6a0044ef884d7efe1cf431aa2fedf6a69eaf5f80de691f5cd0dea707235da7cac3cd35df9adc88d7643078190d52
-
SSDEEP
24576:+13gJnNiQQSA7Ph8NKvQUWqPU5EDvLJPjraFLR5ROWy:+WjrHKvQUTPjrkp7y
Malware Config
Extracted
metasploit
windows/reverse_http
http://10.0.2.4:80/8R_B1
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language b4800ab02486aeae26a0b40b2cf11ecb5237198f4d1384032ca7b507dea19dc5.exe