Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 05/03/2024, 14:31
Static task: static1
Behavioral task: behavioral1
  Sample: 963cacd7eeebfb09950668bf1c6adf5452b992fc09119835cd256c5d3cf17f91.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 963cacd7eeebfb09950668bf1c6adf5452b992fc09119835cd256c5d3cf17f91.dll
  Resource: win10v2004-20240226-en
General
Target: 963cacd7eeebfb09950668bf1c6adf5452b992fc09119835cd256c5d3cf17f91.dll
Size: 106KB
MD5: e70d2f9258a0f784bdc3bd52e75a68bb
SHA1: cb17fb4e8428cad71bef5123bd487d77449fcb80
SHA256: 963cacd7eeebfb09950668bf1c6adf5452b992fc09119835cd256c5d3cf17f91
SHA512: ab75a8b7e13eb40271326280f45e6041f12654b1bd9522249f396a1fbb120b4d6fcc8cedeef699fbaf7c5ffdda9883ef7c788299e274488a68990820ad69c409
SSDEEP: 1536:SFJvJrURWA2/Xk/3d9nyFjshbrY03tFYwnv70ktqvyocqBA:grUM3I9pFFYSrtZwA
Malware Config
Extracted: cobaltstrike
  http://208.87.129.179:843/c/msdownload/update/others/2020/10/29136389_
  user_agent: Accept: */* Host: download.windowsupdate.com User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40
Signatures
Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
Blocklisted process makes network request (20 IoCs)
  flow  pid   Process
  2     1924  rundll32.exe
  5     1924  rundll32.exe
  6     1924  rundll32.exe
  7     1924  rundll32.exe
  8     1924  rundll32.exe
  9     1924  rundll32.exe
  10    1924  rundll32.exe
  12    1924  rundll32.exe
  13    1924  rundll32.exe
  14    1924  rundll32.exe
  15    1924  rundll32.exe
  16    1924  rundll32.exe
  18    1924  rundll32.exe
  19    1924  rundll32.exe
  20    1924  rundll32.exe
  21    1924  rundll32.exe
  22    1924  rundll32.exe
  23    1924  rundll32.exe
  24    1924  rundll32.exe
  26    1924  rundll32.exe