General
Target: 26570ab9f442065765270e47672f1c486173fced5d1a4b32d4e4997fec9e58ad.zip
Size: 148KB
Sample: 230321-rw7aksdb4y
MD5: 07223f799b10f7b9c93aacab66a1d293
SHA1: 7763d46db6722415be3c4969a261b74ff4a7868f
SHA256: 209a4143f0cea579e6d3acffc2b4d873102932d91abb7514cfa5b7afcdb355ff
SHA512: d94b0d9c125d7cce178e41f836b544fa42cd2643bbe85b346630f1ac1bca25da17a09ef765e523033afcd348821ff2fd6322fea5c5ed20fe69282d8f41602c56
SSDEEP: 3072:RS9rn+2trnNqLEV1zTmZX2Omm04S98fkeEFrb3mdUKk4OXYt2:RS9rnJnALEV1m12c0rCfS3LKFOXa2
Behavioral task: behavioral1
Sample: 26570ab9f442065765270e47672f1c486173fced5d1a4b32d4e4997fec9e58ad.ps1
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 26570ab9f442065765270e47672f1c486173fced5d1a4b32d4e4997fec9e58ad.ps1
Resource: win10v2004-20230220-en
Malware Config
Extracted: cobaltstrike
391144938
http://b7r.duckdns.org:443/g.pixel
access_type: 512
beacon_type: 2048
host: b7r.duckdns.org,/g.pixel
http_header1:
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2:
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: POST
polling_time: 60000
port_number: 443
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVW56XGpbj8qtiqp+9VElpMZo7uTvjGtVF8u4N//Lu2iiPRjAGAh/TRtYH8DN5YTHi04jD+vdqhPt5OiT+T4cqtbpydJD3GU6qXAZfHQ1GkXCTIpaqbQ1TYj4J7Rgmc8kHJq1aiFMuYpT/ewweAnBob2/lyeMEGoG1Ymo671/pqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2:
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /submit.php
user_agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)
watermark: 391144938
Targets
Target: 26570ab9f442065765270e47672f1c486173fced5d1a4b32d4e4997fec9e58ad.ps1
Size: 293KB
MD5: 049cfba6fd3c0b5b4552916969d1dbec
SHA1: ab3fbce5743b8ce24be1639a8cb802ffc217e8e9
SHA256: 26570ab9f442065765270e47672f1c486173fced5d1a4b32d4e4997fec9e58ad
SHA512: 55684784efa5eb21eca358f7603c223927d938da4bcc14270108ec9b1d0e71bdfb99c570097e2a27ba79fb843d164c3d2b3b6f2f9b0bd3832cf8e2e4a42d774e
SSDEEP: 6144:2ER6mHX+TmLD4eyg16i3RJ3rFI8kHMSTpbJN4aXsxGQZ0:2sr4ey7ihFFI3HTr/Xw0
Score: 10/10
Blocklisted process makes network request