General
-
Target
06ac60dd14b4e99f52e9be202ae7466a8ad2a828a04d14bfb7a512e715d009bf
-
Size
218KB
-
Sample
231012-jb97qsea9t
-
MD5
646a20e0d0e380c7b75a3c44c95ee931
-
SHA1
48c93e6ec058164f6ec5228546392eee2f4d6744
-
SHA256
06ac60dd14b4e99f52e9be202ae7466a8ad2a828a04d14bfb7a512e715d009bf
-
SHA512
5e535541d5930521b29a8cbfa40eab25c57f006e3d1fd80e0499e15bf350ba8e4d34119d5f1f0b9fbbe11174978f33c2c626f9affe7f3ff4b49dd6f49e6f0ad5
-
SSDEEP
3072:tfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdURZ52eBS:tfsD4ktiD8UI8I66C+6AsXnifujkh
Behavioral task
behavioral1
Sample
06ac60dd14b4e99f52e9be202ae7466a8ad2a828a04d14bfb7a512e715d009bf.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
06ac60dd14b4e99f52e9be202ae7466a8ad2a828a04d14bfb7a512e715d009bf.dll
Resource
win10v2004-20230915-en
Malware Config
Extracted
cobaltstrike
987654321
http://139.59.235.156:80/_/scs/mail-static/_/js/
-
access_type
512
-
host
139.59.235.156,/_/scs/mail-static/_/js/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
3840
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBTf1Ca0y81oxNtpgyXbsq7ds5YQB4R/eG3S4b//NoKFZh68Hh2shO7rjjOVIV/ukSiqemxsXe7NJ/z+su/VUlRoZ/tomuBsfAGFvJaTD0jYDN0RHVHhSqrSjnhPgQkpQfKRQTQaBnn42U+3djTNHWZOo+BX6YmL6p3DQx+iOL6QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
5.37071616e+08
-
unknown2
AAAABAAAAAEAAAF3AAAAAQAAAPoAAAACAAAABAAAAAIAAAAcAAAAAgAAACQAAAACAAAAEgAAAAIAAAAEAAAAAgAAABwAAAACAAAAJAAAAAIAAAARAAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/mail/u/0/
-
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; MANM)
-
watermark
987654321
Targets
Target
06ac60dd14b4e99f52e9be202ae7466a8ad2a828a04d14bfb7a512e715d009bf
-
Size
218KB
-
MD5
646a20e0d0e380c7b75a3c44c95ee931
-
SHA1
48c93e6ec058164f6ec5228546392eee2f4d6744
-
SHA256
06ac60dd14b4e99f52e9be202ae7466a8ad2a828a04d14bfb7a512e715d009bf
-
SHA512
5e535541d5930521b29a8cbfa40eab25c57f006e3d1fd80e0499e15bf350ba8e4d34119d5f1f0b9fbbe11174978f33c2c626f9affe7f3ff4b49dd6f49e6f0ad5
-
SSDEEP
3072:tfyTFpXSc43UtiD8Umh8I6lk0bF+EjJeNDU2a7i78nifiRjdURZ52eBS:tfsD4ktiD8UI8I66C+6AsXnifujkh
Score: 3/10