General
- Target: fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
- Size: 904KB
- Sample: 221031-ng3r3aagf2
- MD5: 4bfad4cb9222e22214d002be79a0df7e
- SHA1: 44533522afbaf6b66a354e8b9f846117760e1320
- SHA256: fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
- SHA512: 725d8333c266a587cb2be983bc8c7957232049f76668c9e937a97952f09ec8b76f069ffabc6ca423b94e7760d4726ae4fa33f4ed1c3a15bd243a6f1614dfa90f
- SSDEEP: 24576:dGHCm8uPdJddrD7pIZ2GRaRkhiZ8fAivsP5+l8w:kuWzKZ2GRrKIkPw
Static task
- static1
Behavioral task
- behavioral1
  - Sample: fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f.exe
  - Resource: win7-20220901-en
Behavioral task
- behavioral2
  - Sample: fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- cobaltstrike
  - http://124.220.0.89:7777/l5Si
  - user_agent: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
Extracted
- cobaltstrike
  - 0
  - watermark: 0
Targets
- Target: fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
  - Size: 904KB
  - MD5: 4bfad4cb9222e22214d002be79a0df7e
  - SHA1: 44533522afbaf6b66a354e8b9f846117760e1320
  - SHA256: fa1cb9e8442f38561ad5c44aeacc45339bad2589ad0ccd83991cfc09ad409a8f
  - SHA512: 725d8333c266a587cb2be983bc8c7957232049f76668c9e937a97952f09ec8b76f069ffabc6ca423b94e7760d4726ae4fa33f4ed1c3a15bd243a6f1614dfa90f
  - SSDEEP: 24576:dGHCm8uPdJddrD7pIZ2GRaRkhiZ8fAivsP5+l8w:kuWzKZ2GRrKIkPw
  - Score: 10/10
  - Executes dropped EXE
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Loads dropped DLL