Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
01/12/2024, 03:29
Behavioral task
behavioral1
Sample
473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe
Resource
win10v2004-20241007-en
General
-
Target
473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe
-
Size
14KB
-
MD5
eb303aef56b76c4a8df476b204675d59
-
SHA1
54a7d4d42032c0847e560cc3ee7ef267cdcf917c
-
SHA256
473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb
-
SHA512
ac6722d4a30e3766d9a624164fc07bc4aea179749b434f32b9e879e17723b9bef7444d793edf83ec17fd08e85cedf52dd994cdf34896ce4b2360207fb6307eb8
-
SSDEEP
192:pO9ZTxj4jSIpMdg5wGWEQP+sN9UaaIYCYbM0bDUY4:pOBj4jSIqi3QUDnb1b
Malware Config
Extracted
metasploit
windows/download_exec
http://192.168.196.144:10010/IPab
- headers User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1164 wrote to memory of 772 1164 473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe 31 PID 1164 wrote to memory of 772 1164 473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe 31 PID 1164 wrote to memory of 772 1164 473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe"C:\Users\Admin\AppData\Local\Temp\473554339f94766234e9da39429e9877f0e3868c007a2e171b765d3fe03effbb.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1164 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1164 -s 362⤵PID:772
-