Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0
-
Size
327KB
-
Sample
231105-gcjeasdc56
-
MD5
81326cc4a4e14796d22e0072f117726b
-
SHA1
18bd2cbcab0fa332b6097eb16efb4983dd3c4322
-
SHA256
5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0
-
SHA512
57b70e840ec819aa9813db7878d04c36766ad2fbe078ea6d7317d548838c4b8333f9585e04382d3bbe9e2fbd82d158dffd4ce189a26a9f09ace0962d906f1bb7
-
SSDEEP
6144:jiubWrNSOetO6cprlQAOWizGLIoSdQX+tJs0/U:uubsNSOetfARQAPyGU2X+tZ/U
Static task
static1
Behavioral task
behavioral1
Sample
5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
cobaltstrike
http://111.229.75.4:80/CcnI
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ESES)
Targets
-
-
Target
5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0
-
Size
327KB
-
MD5
81326cc4a4e14796d22e0072f117726b
-
SHA1
18bd2cbcab0fa332b6097eb16efb4983dd3c4322
-
SHA256
5c2c97648c330cf042d76e67a7cc6410498777f35a6340067f308f02f064a3a0
-
SHA512
57b70e840ec819aa9813db7878d04c36766ad2fbe078ea6d7317d548838c4b8333f9585e04382d3bbe9e2fbd82d158dffd4ce189a26a9f09ace0962d906f1bb7
-
SSDEEP
6144:jiubWrNSOetO6cprlQAOWizGLIoSdQX+tJs0/U:uubsNSOetfARQAPyGU2X+tZ/U
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-