Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
5febf8dcbda6fa49f927b17c47acce604d3ebaf49be1b99250e5584663b643f3N.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
5febf8dcbda6fa49f927b17c47acce604d3ebaf49be1b99250e5584663b643f3N.exe
Resource
win10v2004-20241007-en
General
-
Target
5febf8dcbda6fa49f927b17c47acce604d3ebaf49be1b99250e5584663b643f3N.exe
-
Size
7KB
-
MD5
f586b5f7425c41d5ce269a8cafc369f0
-
SHA1
7cac99cd1aeb1155ed469618b7ed81ba1bb7fcbf
-
SHA256
5febf8dcbda6fa49f927b17c47acce604d3ebaf49be1b99250e5584663b643f3
-
SHA512
8006f7b6a20cbad402cc701750a74fd4f340ece4fcbcc213d9b67f017f26868743eaf70a7d56a2e3956ccd8e5916c5fd90ff2efe3b02e7487bae192f5c0a149d
-
SSDEEP
24:e5Y1rJ9u0/6jbnZo3kBQAVp6WkxYKPqTeNDMSCvOXpmB:v00ua3kBQo2xYbSD9C2kB
Malware Config
Extracted
metasploit
metasploit_stager
127.0.0.1:4444
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5febf8dcbda6fa49f927b17c47acce604d3ebaf49be1b99250e5584663b643f3N.exe
Files
-
5febf8dcbda6fa49f927b17c47acce604d3ebaf49be1b99250e5584663b643f3N.exe.exe windows:4 windows x64 arch:x64
b4c6fff030479aa3b12625be67bf4914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
ExitProcess
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.llfx Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE