Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    12s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2025, 08:28

General

  • Target

    BlackSploit.exe

  • Size

    6.0MB

  • MD5

    b51e7a22a859ee46383706d5da7386cd

  • SHA1

    ffe204e861581e88c5b4a040e0ecab267d85770f

  • SHA256

    99d289bafdaa037e8752dfd5b691f0ae5d5b19b1ad412476136ee3a5cd4f6750

  • SHA512

    f0b24f006f288a4579ba8b47ebde6f7275273c0bb23e1b2e0546e5528134147bddb3715e92e344d95db7de59fc1134a2948cd26214316eae37f9158507cc6721

  • SSDEEP

    98304:DUIu4+Dc0d3mamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HZMGZ3zlv:DXp+DX3PeNoInY7/sHfbRy9WGQWZQTk

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BlackSploit.exe
    "C:\Users\Admin\AppData\Local\Temp\BlackSploit.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Users\Admin\AppData\Local\Temp\BlackSploit.exe
      "C:\Users\Admin\AppData\Local\Temp\BlackSploit.exe"
      2⤵
      • Loads dropped DLL
      PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI4322\python310.dll

    Filesize

    1.4MB

    MD5

    01988415e8fb076dcb4a0d0639b680d9

    SHA1

    91b40cffcfc892924ed59dc0664c527ff9d3f69c

    SHA256

    b101db1ddd659b8d8ffd8b26422fde848d5b7846e0c236f051fadb9412de6e24

    SHA512

    eab0c3ca4578751a671beb3da650b5e971a79798deb77472e42f43aa2bea7434ad5228a8fddbfff051ce05054dbf3422d418f42c80bc3640e0e4f43a0cf2ebbe

  • memory/2408-23-0x000007FEF6B20000-0x000007FEF6F8E000-memory.dmp

    Filesize

    4.4MB