Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
105s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
20/01/2025, 09:42
Behavioral task
behavioral1
Sample
a5a978e2d598d997b451b52fa80baa52040e509b25978a805382ab95c31cf972.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a5a978e2d598d997b451b52fa80baa52040e509b25978a805382ab95c31cf972.exe
Resource
win10v2004-20241007-en
General
-
Target
a5a978e2d598d997b451b52fa80baa52040e509b25978a805382ab95c31cf972.exe
-
Size
72KB
-
MD5
f70a4034198e02dbaf343e38c83edaf3
-
SHA1
d518495221d56dc3576602e3e0f5a67b64302286
-
SHA256
a5a978e2d598d997b451b52fa80baa52040e509b25978a805382ab95c31cf972
-
SHA512
aa0e07395e851ef844576d659f7b2ad276ec3e5df8fda2706aaa1608809ae3b244dab3b812553593fed0393e0cc5274dd5f82fee089ea5af9dd813cb3c3a2974
-
SSDEEP
1536:IdJSEo1PopjSCWshvOXh6HjKmCbztMb+KR0Nc8QsJq3t:QJSE28jHWs14ujKr1e0Nc8QsCt
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.1.27:4444
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a5a978e2d598d997b451b52fa80baa52040e509b25978a805382ab95c31cf972.exe