Analysis

  • max time kernel
    143s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 03:36

General

  • Target

    2024-06-01_438176bd096892c7be381d2b9923bc1d_cobalt-strike_cobaltstrike.exe

  • Size

    4.8MB

  • MD5

    438176bd096892c7be381d2b9923bc1d

  • SHA1

    2ebd6a6dea041b77185dd1b211d3a205b2c68f0a

  • SHA256

    ffd35e982e0e58edf703fb99358a1996c8dd4f977016abf9bd45b753f7a3dd68

  • SHA512

    44f5d436fb44f138367ee54ab6d4e2a7aa2cc2a0d81c0b270f00d51b4a5bfe6e2cd221f14c3c63fd3f8f3eb830ec9fe298f4bcb15135934002a1812141a9aa3e

  • SSDEEP

    98304:SW1qiPgxn+cuSuxx8Svt73qq36IdKtVxNw6pUkp3bkbRxCUe:53EnsxxDt73DdKrwapwbte

Malware Config

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 8 IoCs
  • UPX dump on OEP (original entry point) 10 IoCs
  • XMRig Miner payload 8 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops desktop.ini file(s) 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 5 IoCs
  • Modifies system certificate store 2 TTPs 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_438176bd096892c7be381d2b9923bc1d_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_438176bd096892c7be381d2b9923bc1d_cobalt-strike_cobaltstrike.exe"
    • Drops desktop.ini file(s)
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Modifies Internet Explorer start page
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    PID:744
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
    PID:3600

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Program Files\7-Zip\7-zip32.dll

      Filesize

      5.0MB

      MD5

      3eeba8c16df58d4f45252a5769926729

      SHA1

      a0d916942a0fc77092c53191908d40e1a270cb6e

      SHA256

      5baa9c7ae80fc28fb92396c649a08f4609e728b42ffaaee84963c48e4654b757

      SHA512

      22aa350bc0aa043b9cee0d92c317dc947353d533b3cc1c748d21963308c18f72472c5f907693e924b8db35990bf10a8fcb39de460ceda98582984dec572bcbf6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

      Filesize

      1KB

      MD5

      55540a230bdab55187a841cfe1aa1545

      SHA1

      363e4734f757bdeb89868efe94907774a327695e

      SHA256

      d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

      SHA512

      c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

      Filesize

      230B

      MD5

      ce936e98444feeddd73ab1d92cc94291

      SHA1

      e6b7f188c5968edb679517dd9de5d609e0438486

      SHA256

      a0b2971a1af7dbeacb395e2adfdb8ba8ad4cda3cfc9fa758c003195e9170e0a0

      SHA512

      7aebd052ed8e5402ef9f33d57238ff1427ec302a4a18c57b210e769f33f8fed92a3167fb03da02487390f60f114df06ba0ab36e2bd0aa97bcabdc9a05bc9b10f

    • memory/744-2603-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-1-0x00000000001F0000-0x0000000000200000-memory.dmp

      Filesize

      64KB

    • memory/744-521-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-1528-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-2071-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-0-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-3572-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-4449-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-4723-0x0000000000060000-0x0000000000062000-memory.dmp

      Filesize

      8KB

    • memory/744-4770-0x00007FFEB9190000-0x00007FFEB929B000-memory.dmp

      Filesize

      1.0MB

    • memory/744-4769-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB

    • memory/744-4776-0x0000000005740000-0x0000000005741000-memory.dmp

      Filesize

      4KB

    • memory/744-4779-0x0000000000400000-0x00000000010B6000-memory.dmp

      Filesize

      12.7MB