Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
6d6a4533ce9fb518e1fe891fc8fa9ad51e4dec6d1ff024ebf24c390656c3e5c7
-
Size
380KB
-
MD5
2dbb89972bc9b697a46b6852cccfa35b
-
SHA1
64476be44b2693aeced74ad499257751fe9b961f
-
SHA256
6d6a4533ce9fb518e1fe891fc8fa9ad51e4dec6d1ff024ebf24c390656c3e5c7
-
SHA512
6cdd0c70d2584f16f672a2a0925f04da82d5dcfb02362f0d60a0dc581d2de9ffef746ce7db597a39749350019fbf62d9c430e8dd4d688a6b2e9f389802d389ad
-
SSDEEP
6144:aAgVsBSj9evYwdtYxTrXlNs6ivcQKXF2yEQDr0LdaAtUNT:aRP9evYCt4X4bgs8
Malware Config
Extracted
cobaltstrike
665745135
http://yelp.com:443/gp/aj/private/reviewsGallery/get-application-resources
http://bbc.com:443/api2/json/cluster/resources
http://nytimes.com:443/en-us/p/onerf/MeSilentPassport
http://dictionary.com:443/en-us/p/onerf/MeSilentPassport
-
access_type
512
-
beacon_type
2048
-
host
yelp.com,/gp/aj/private/reviewsGallery/get-application-resources,bbc.com,/api2/json/cluster/resources,nytimes.com,/en-us/p/onerf/MeSilentPassport,dictionary.com,/en-us/p/onerf/MeSilentPassport
-
http_header1
AAAACgAAAJBBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2VkL3Y9YjM7cT0wLjkAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAHAAAAAAAAAAgAAAAPAAAAAwAAAAIAAAAtZGlzcGxheS1jdWx0dXJlPWVuO2NoZWNrPXRydWU7bGJjcz0wO3Nlc3MtaWQ9AAAAAQAAACA7U0lEQ0M9QU4wLU5SWTRjSkdLOU9sQWU7VG1tdjQ9QwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAJBBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2VkL3Y9YjM7cT0wLjkAAAAKAAAAH0FjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjkAAAAKAAAAIkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIAAAAHAAAAAAAAAA8AAAANAAAAAgAAAARzZXMtAAAABQAAAAJwcQAAAAcAAAABAAAACAAAAA8AAAANAAAAAgAAACl7ImxvY2FsZSI6ImVuIiwiY2hhbm5lbCI6InByb2QiLCJhZGRvbiI6IgAAAAEAAAACIn0AAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
23040
-
polling_time
15000
-
port_number
443
-
sc_process32
%windir%\syswow64\WerFault -a
-
sc_process64
%windir%\sysnative\WerFault -a
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKpYKHPTr/o+ua/PTe9MpUMy6X0Y2z5l6FBVcrB9Ldm7LHyNkAYH/+neG1nN0l7A9Wd8e2xeRf+xsnhEAXrQ6wJPBx3GTBygGwcp2+25nd46vIOZBsMsSPNdyR7gj7LVabULJUMAKEfhO8i1ruciX5Uz/LI4FnAlUDYdZ8xdT/VwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.0086976e+09
-
unknown2
AAAABAAAAAEAAAADAAAAAgAAAFQAAAADAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/1.5/95648064/storage/tabs
-
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
665745135
Signatures
-
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
6d6a4533ce9fb518e1fe891fc8fa9ad51e4dec6d1ff024ebf24c390656c3e5c7
Headers
Sections