Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/08/2023, 14:01

General

  • Target

    e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe

  • Size

    11KB

  • MD5

    fcc4c4e38bc1368acaa5926bc976436f

  • SHA1

    1392d6785477bc81aadb6a3920bbbb9f0e5aeb6a

  • SHA256

    e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596

  • SHA512

    d8d153ac6265abcb7793ed1f247e28c9933a74af9e1c90b71316a8aefbd364bb17374fbf1e2acd430dadd29f978c904d204596f1c5944fed5b3fa69f9e8c845c

  • SSDEEP

    192:2mJbN+4Je67uhKS2ao9LRsJ6RR5mAVohSGAnYnkyUxaVXFaL1wcWk5:zJdeGP9L6J6RR5mxhmnYnnUxaVXALJ5

Malware Config

Extracted

Family

cobaltstrike

C2

http://116.211.148.181:800/Tbo8

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe
    "C:\Users\Admin\AppData\Local\Temp\e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe"
    PID: 2584


    Downloads

    • memory/2584-54-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB

    • memory/2584-55-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

    • memory/2584-56-0x0000000000400000-0x0000000000410000-memory.dmp

      Filesize

      64KB