General
-
Target
lsass.exe
-
Size
541KB
-
Sample
230420-13xt6ace93
-
MD5
9bd6b1f24b9589a3fbc1d54b6e6184b8
-
SHA1
f8473c6c8b298a3d72c8ca890667eddab62d2ba8
-
SHA256
03a9d6afc99e70333723d921bd1265ac948cdabb8b15689b5ceb1c02365a9572
-
SHA512
58627332bb35727871984b1763eac64c7156414a29d81b090c6475c13b8d7d009828ba4240e581ab94c6b0908b12194b6489c9469bc1ad3151eda256c86e5607
-
SSDEEP
12288:r44xG36A38gfmYzEMbvYYU7CrJdJWTd4pb:3xG36nkEqyydYTd4p
Static task
static1
Behavioral task
behavioral1
Sample
lsass.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
lsass.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
0
http://fazehotafa.com:443/ak.css
-
access_type
512
-
beacon_type
2048
-
host
fazehotafa.com,/ak.css
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
7168
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1nAS8+PqMnQs3hynG2JDgMQK6ZqLkIoDXWnqaOS/dQsdKBHE0Ify/HIZ2ntSpyMtvomDHCA98pCEi1L7mT0mvfiYapP9Aj776rDpzXMYNiRk1BWrAzJqzLcfwzxJx26hL1VSu1C5mWEl7JsVT/9l/kHcNYAALgNQuI0uZAqM7YQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.943884288e+09
-
unknown2
AAAABAAAAAIAAAbnAAAAAwAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/profile
-
user_agent
Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0
-
watermark
0
Targets
-
-
Target
lsass.exe
-
Size
541KB
-
MD5
9bd6b1f24b9589a3fbc1d54b6e6184b8
-
SHA1
f8473c6c8b298a3d72c8ca890667eddab62d2ba8
-
SHA256
03a9d6afc99e70333723d921bd1265ac948cdabb8b15689b5ceb1c02365a9572
-
SHA512
58627332bb35727871984b1763eac64c7156414a29d81b090c6475c13b8d7d009828ba4240e581ab94c6b0908b12194b6489c9469bc1ad3151eda256c86e5607
-
SSDEEP
12288:r44xG36A38gfmYzEMbvYYU7CrJdJWTd4pb:3xG36nkEqyydYTd4p
Score 10/10