Analysis
max time kernel: 12s
max time network: 19s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 11/01/2025, 08:28
Behavioral task
behavioral1
Sample
BlackSploit.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BlackSploit.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
� �1��-.pyc
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
� �1��-.pyc
Resource
win10v2004-20241007-en
General
Target: BlackSploit.exe
Size: 6.0MB
MD5: b51e7a22a859ee46383706d5da7386cd
SHA1: ffe204e861581e88c5b4a040e0ecab267d85770f
SHA256: 99d289bafdaa037e8752dfd5b691f0ae5d5b19b1ad412476136ee3a5cd4f6750
SHA512: f0b24f006f288a4579ba8b47ebde6f7275273c0bb23e1b2e0546e5528134147bddb3715e92e344d95db7de59fc1134a2948cd26214316eae37f9158507cc6721
SSDEEP: 98304:DUIu4+Dc0d3mamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HZMGZ3zlv:DXp+DX3PeNoInY7/sHfbRy9WGQWZQTk
Malware Config
Signatures
Loads dropped DLL 1 IoCs
pid    Process
2408   BlackSploit.exe

resource    yara_rule
behavioral1/files/0x00050000000195af-21.dat    upx
behavioral1/memory/2408-23-0x000007FEF6B20000-0x000007FEF6F8E000-memory.dmp    upx

Suspicious use of WriteProcessMemory 3 IoCs
description    pid    Process    procid_target
PID 432 wrote to memory of 2408    432    BlackSploit.exe    29
PID 432 wrote to memory of 2408    432    BlackSploit.exe    29
PID 432 wrote to memory of 2408    432    BlackSploit.exe    29
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.4MB
MD5: 01988415e8fb076dcb4a0d0639b680d9
SHA1: 91b40cffcfc892924ed59dc0664c527ff9d3f69c
SHA256: b101db1ddd659b8d8ffd8b26422fde848d5b7846e0c236f051fadb9412de6e24
SHA512: eab0c3ca4578751a671beb3da650b5e971a79798deb77472e42f43aa2bea7434ad5228a8fddbfff051ce05054dbf3422d418f42c80bc3640e0e4f43a0cf2ebbe