Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
21/08/2023, 17:52
General
-
Target
643a9947b322770d7e86798edf4d16aa_cobalt-strike_cobaltstrike_meterpreter_JC.dll
-
Size
234KB
-
MD5
643a9947b322770d7e86798edf4d16aa
-
SHA1
7db4631160068b5d41c00f51095464702f2c88cf
-
SHA256
4f4fe3c9a73cee60fbf935844887a3b860556d2c2e1e7684c5c212517162e750
-
SHA512
06d3fd7f08cecf18d97094c8ccd88daf9d9d64faa4523a46ca1f3ae800eefa15feabf802eee50739270cd58f69e495af5bcaf76a0ab8035830e319b123ff1613
-
SSDEEP
3072:n3vli2EJv1RBuZH3JxgYhgipvLKoTte0SqoOCtA21/wlULGs7jnZdFjdUJ5gRt:n3vyJNRkZHBvZp0qoOCu2pkojnZHjp
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\643a9947b322770d7e86798edf4d16aa_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\643a9947b322770d7e86798edf4d16aa_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 6323⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 760 -ip 7601⤵