Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f4cc53f5c9...b6.exe

windows7-x64

10

f4cc53f5c9...b6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/08/2023, 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4cc53f5c926e15717b254381559babee146961fc7f9d1a8da93c8e80a1915b6.exe

  • Size

    19KB

  • MD5

    77bf2dc60ca894120b6e4fbafaca2c09

  • SHA1

    61571fe88f21bde9139f050094a091e5d157daf1

  • SHA256

    f4cc53f5c926e15717b254381559babee146961fc7f9d1a8da93c8e80a1915b6

  • SHA512

    0b26c967e7f3332d7d110a5c6d07657a361de0fc5937c9aa664ecce51fb58574f6b602675ece0fd7c173b6a21d2398c4f7fc9c073007ade759b9d6abb01a2a04

  • SSDEEP

    192:sV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2HgZWF8qa1Dojjgi:OqaCF31cix+Dc4zj6FF46gi

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://81.68.130.209:80/GjaK

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASAJS)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4cc53f5c926e15717b254381559babee146961fc7f9d1a8da93c8e80a1915b6.exe
    "C:\Users\Admin\AppData\Local\Temp\f4cc53f5c926e15717b254381559babee146961fc7f9d1a8da93c8e80a1915b6.exe"
    1⤵
      PID:4688
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 4688 -s 1104
        2⤵
        • Program crash
        PID:3392
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 444 -p 4688 -ip 4688
      1⤵
        PID:2584

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4688-0-0x0000000000020000-0x0000000000021000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4688-1-0x00000000034E0000-0x00000000038E0000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/4688-2-0x0000000000400000-0x000000000040C000-memory.dmp

        Filesize

        48KB

        Download