Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

53568bce61...ab.exe

windows7-x64

10

53568bce61...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53568bce616590a84be3d29cb6c8d6ab.exe

  • Size

    3.7MB

  • MD5

    53568bce616590a84be3d29cb6c8d6ab

  • SHA1

    cc67a3f4a8912b33e31848cfa010c2f1f38b23af

  • SHA256

    e0b2d7778010d7131444228e96cf7d84176264d45cde990963dce6a24f17b522

  • SHA512

    89aa601a075506ec4e454f8d2dc92730b808f23ffcfa9ce82f921bceefd5d9b80eac0068f5431147cfdfc572cb2268bfeee4454ca2fc053af769e1cde059cb1f

  • SSDEEP

    98304:dekYINu4u6Q9eTTbW0mK2ZvfujtiJVPOOwexy2sovk/a:oIofm2Zkm5E2sovk/

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.126.130:808/5jPn

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53568bce616590a84be3d29cb6c8d6ab.exe
    "C:\Users\Admin\AppData\Local\Temp\53568bce616590a84be3d29cb6c8d6ab.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4804
    • C:\Users\Admin\AppData\Local\Temp\53568bce616590a84be3d29cb6c8d6ab.exe
      "C:\Users\Admin\AppData\Local\Temp\53568bce616590a84be3d29cb6c8d6ab.exe"
      2⤵
      • Loads dropped DLL
      PID:2488
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:2496
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
        PID:1320

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI48042\_ctypes.pyd
        Filesize

        119KB

        MD5

        f5ec0b24dfc7952241c7a86abfb61455

        SHA1

        84176ec5d9f6d106a3ac1724539dfccb7c4c6c33

        SHA256

        6c560fb6bac55b5b75ecd80d6f6efe797544fb6db060818f0a6e510ac5abd191

        SHA512

        91fad0a9b3a887b227fc5e40ebd0dc2e3a37805c02185ccd91547575e02c8196c76b96ce4bcc463e9993190e3b0a67ab5c8af1f5ada557f346a194455bc83040

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48042\payload.exe.manifest
        Filesize

        1KB

        MD5

        378be9f7a2759c42ad1ae8d85b5b8808

        SHA1

        5e47069dbb56dcef6e1ba8661c18e76b10bd360f

        SHA256

        fca39507650a96dba22eaf43973972c305b1412dfb9723556ff24dae8f59c54a

        SHA512

        dc0efbf5ef53a6c430e0abeb328f36b6db16632bd370a259eccad96c8a13f4bac6f1b91d8d6f679765df8d06bc7793ad9cfd2a07f373d9edd340c95b1d783ef7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48042\python27.dll
        Filesize

        133KB

        MD5

        e74791584944a6ddae7f3187f2289b7d

        SHA1

        90ba9b8d5fc1615599c890b11094436fc72abc0c

        SHA256

        5ac5e86c6e2eb42c176fdcdebecad42ce9d848b9eabd2412a5e20b5d8e0968ba

        SHA512

        244b02fce5fee46538f6109ff5c992672b4508f2f7430242e5a95b6b3b0070d7a74489be1cadd9a73dea094f6b96a8421e04f1f69d0da871a1854586ec731a30

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48042\python27.dll
        Filesize

        1.3MB

        MD5

        8bb7db21aec7c5792fbaed0ae25f894d

        SHA1

        c9a5e6b31a897b99929dc002502be93275a17a76

        SHA256

        9371ee94289f10e9d8cacb2bdcc7695fd3f23cd9985a5448c17fc0593a14c50e

        SHA512

        2af5cadc98d411d74f9be231162d5ee85f8bea37e6bf70cacdbe7505ec33939eeb1dc684e4d275f7031fb92d414d4b3248a0b2695f6ff8e2cf73c0f7cfb1312e

        Download Submit

      • memory/1320-45-0x000001E936970000-0x000001E936980000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1320-61-0x000001E936A70000-0x000001E936A80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2488-16-0x00000000009A0000-0x00000000009A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2488-18-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download

      • memory/4804-17-0x0000000000400000-0x0000000000434000-memory.dmp

        Filesize

        208KB

        Download