Analysis

  • max time kernel
    105s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/12/2024, 08:49 UTC

General

  • Target

    42491951a30d419eb9c77204c5ab7df8b406d2b97c7a6a9645e2f62aa6194c1a.exe

  • Size

    7KB

  • MD5

    ff5dbb65321f6babd69b10b011c304d7

  • SHA1

    640a03da8129e79088360366ca2af1fe3ad5ba11

  • SHA256

    42491951a30d419eb9c77204c5ab7df8b406d2b97c7a6a9645e2f62aa6194c1a

  • SHA512

    b8289f51a4e9e959cf902d67d4278b7d19a19453d40b64e4994e9f9e16fe688668749a65f1745621196da8f3621d9672cf2334657529325e08c2735c9f98cef2

  • SSDEEP

    24:eFGStrJ9u0/6DmRnZd0BQAVS1RgV/Jn0HyMETpmBP:is0nh0BQPo/JCsIBP

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.109.131:4444

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family

Processes

  • C:\Users\Admin\AppData\Local\Temp\42491951a30d419eb9c77204c5ab7df8b406d2b97c7a6a9645e2f62aa6194c1a.exe
    "C:\Users\Admin\AppData\Local\Temp\42491951a30d419eb9c77204c5ab7df8b406d2b97c7a6a9645e2f62aa6194c1a.exe"
    PID: 1892

    Network

    • 192.168.109.131:4444
      42491951a30d419eb9c77204c5ab7df8b406d2b97c7a6a9645e2f62aa6194c1a.exe
      912 B
      18

    MITRE ATT&CK Matrix

    Downloads

    • memory/1892-0-0x0000000140000000-0x00000001400042A0-memory.dmp

      Filesize

      16KB

    • memory/1892-1-0x0000000140000000-0x00000001400042A0-memory.dmp

      Filesize

      16KB