Analysis

  • max time kernel
    93s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/12/2024, 04:14

General

  • Target

    fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe

  • Size

    2.0MB

  • MD5

    492a9773bc7e588d9d6af185def38e86

  • SHA1

    9742cbf76e89c4c6b45c0a2b2150e9b1e84640c3

  • SHA256

    fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6

  • SHA512

    c0286d00ba3cfc4448707d36fac2274e970ceb59123d1286cea64acad82005415788c4f8ede33b84f510d032d3a5959ddbf75f9fd27d795f7f58a865409bdf24

  • SSDEEP

    24576:6whj2cfumIkEQC+8nefmhMEuvrk6fQCuGN9NyhXremx:FqcWmJvhEerkM8GK1

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.168.129:8001

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

  • Metasploit family
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe
    "C:\Users\Admin\AppData\Local\Temp\fc364a556626ff589895ec8066596c31937bb5ab13262fcae9bdf4e6d958d7d6.exe"
    PID:5004
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x300 0x2f8
      • Suspicious use of AdjustPrivilegeToken
      PID:32

Network

MITRE ATT&CK Matrix

Downloads

  • memory/5004-2-0x000000C000000000-0x000000C000400000-memory.dmp

    Filesize

    4.0MB

  • memory/5004-3-0x000000C000000000-0x000000C000400000-memory.dmp

    Filesize

    4.0MB