Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

67b70d7a7d...29.exe

windows7-x64

10

67b70d7a7d...29.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/09/2023, 11:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29.exe

  • Size

    315KB

  • MD5

    cb619d1d1e61eb5b6e715421f81b57f0

  • SHA1

    4971df39d835995be8158678ffe13e2e2cda9298

  • SHA256

    67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29

  • SHA512

    34df41646d675c472ebea0dce5357d7d36803b3a208bd45e8c5505e5fe4e26126094cef544caae7e345d3e1c0336488aa5d9a7eaaa3eee5614e9643ae2910b95

  • SSDEEP

    6144:+cFmH8Rl2zZuHU3ZYQAhu7QZHNeRohUk7:NnRMZQKZwu7Qvao

Score
10/10
cobaltstrike100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

Attributes
  • beacon_type

    512

  • http_header1

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • pipe_name

    \\.\pipe\4748b414810b439db6667891345c2dd8

  • polling_time

    10000

  • port_number

    4444

  • sc_process32

    %windir%\syswow64\dllhost.exe

  • sc_process64

    %windir%\sysnative\dllhost.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOIeHpg9IH745cjNp8LHEcT/ncZVjR7NFuJ/O+wtVLnrX4NLmyU69lkkhXd7WzuNy2rTYIaEcW+rqFcLazAeWR1PbMWTK7oEPDKPfEcbsvUojIDyMsJtiSpysjtBiDxd+EAjUgR7EtksUirZANUvND/iGICWQWO2GdYh5/iDZvaQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • watermark

    100000

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29.exe
    "C:\Users\Admin\AppData\Local\Temp\67b70d7a7d9e2ce2a6ab1b38d92e6fffe32803b6e0c53cf574c928526e557d29.exe"
    1⤵
      PID:116

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/116-0-0x0000019EE3200000-0x0000019EE3280000-memory.dmp

      Filesize

      512KB

      Download

    • memory/116-1-0x00007FF91BF00000-0x00007FF91BF10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/116-2-0x0000019EE3280000-0x0000019EE3410000-memory.dmp

      Filesize

      1.6MB

      Download