Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

8c12a4053e...45.exe

windows7-x64

10

8c12a4053e...45.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2024, 01:05 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.exe

  • Size

    9.8MB

  • MD5

    110c5d49efc5eb2db0e91490728d3be9

  • SHA1

    7fc790f7977b2e55a53d5f789d4098c71ef2025e

  • SHA256

    8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45

  • SHA512

    78e5500d0b5ae36807f45912b2525df34e203c1f241702aaca5efc4167285c889fca632a2f6645afb62eef80830ff8bd2b81748cf3294eb62ac146fb448499e6

  • SSDEEP

    196608:za4i3zQL1CW+jMZczEN7QwgV7NUuvtYTDoBu40sxRxjAkt5o9:IM5CHMyU7QwgV7+uvtYTDoAhsxRRbo9

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.84.142.252:1234

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Metasploit family
    metasploit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.exe
    "C:\Users\Admin\AppData\Local\Temp\8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Users\Admin\AppData\Local\Temp\is-8851K.tmp\8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8851K.tmp\8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.tmp" /SL5="$40108,9469063,832512,C:\Users\Admin\AppData\Local\Temp\8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2556

Network

    No results found
  • 10.84.142.252:1234
    8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.exe
    760 B
     15
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-8851K.tmp\8c12a4053e0f255b184eed53afd60d9e3102cdba178dbc6b54aeffb7b58dfa45.tmp
    Filesize

    3.1MB

    MD5

    b60c22298da5c99b9c165809d17a6b25

    SHA1

    7b0b68f4b63f0b1931e62ad2eeb0ddb4f5543b1d

    SHA256

    7528cd9ed88530129aecdbb962c4db242ae28a5a8abcfcea4d4a56b0288ac2d9

    SHA512

    85bd43cad22cf92821bc4e4a166f65ed5ed26ab7ea0f8c65233ea5d5a7151538fb29bef2d71d6fd2f1a3b99db59246cf9a08b3e645e9a0db0cfc0fe1d2648867

    Download Submit

  • memory/2320-12-0x0000000000400000-0x0000000000DE6000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2320-1-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-3-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/2320-2-0x0000000000400000-0x0000000000DE6000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2320-0-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2556-19-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-25-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-15-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-17-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-10-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-21-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-23-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-13-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-27-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-29-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-31-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-34-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-36-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-38-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2556-40-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.