Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
22/08/2023, 14:01
Behavioral task
behavioral1
Sample
e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe
Resource
win10v2004-20230703-en
General
-
Target
e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe
-
Size
11KB
-
MD5
fcc4c4e38bc1368acaa5926bc976436f
-
SHA1
1392d6785477bc81aadb6a3920bbbb9f0e5aeb6a
-
SHA256
e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596
-
SHA512
d8d153ac6265abcb7793ed1f247e28c9933a74af9e1c90b71316a8aefbd364bb17374fbf1e2acd430dadd29f978c904d204596f1c5944fed5b3fa69f9e8c845c
-
SSDEEP
192:2mJbN+4Je67uhKS2ao9LRsJ6RR5mAVohSGAnYnkyUxaVXFaL1wcWk5:zJdeGP9L6J6RR5mxhmnYnnUxaVXALJ5
Malware Config
Extracted
cobaltstrike
http://116.211.148.181:800/Tbo8
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
resource yara_rule behavioral1/memory/2584-54-0x0000000000400000-0x0000000000410000-memory.dmp upx behavioral1/memory/2584-56-0x0000000000400000-0x0000000000410000-memory.dmp upx