Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ffc015fc7f...11.exe

windows11-21h2-x64

10

Resubmissions

15/07/2024, 05:41

240715-gdesha1akj 10

15/07/2024, 05:35

240715-gahpzszgpk 10

Analysis

  • max time kernel
    31s
  • max time network
    31s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/07/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffc015fc7f0e6d7bfd5f4e9d146686514c1952875690c2e1f2db2e10bb1cbc11.exe

  • Size

    19KB

  • MD5

    a8f0f12833457bd3d604fd6bb998a7f7

  • SHA1

    5dbbf1ac06800cfb3b1ecfb43d37f9dd8fc8dcdd

  • SHA256

    ffc015fc7f0e6d7bfd5f4e9d146686514c1952875690c2e1f2db2e10bb1cbc11

  • SHA512

    d84e6133ab8a90c668ccecf9c89d0cf269adc1d43c4a629d0062ca18f1ff60709472d43147ef42e653cf3acbc8818ce8381dce25f151541ceb78cffe5f40edff

  • SSDEEP

    192:GV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2y75C9muEWF8qa1Dojjgi:gqaCF31cix+Dc4zjb5bOFF46gi

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.75.128:80/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffc015fc7f0e6d7bfd5f4e9d146686514c1952875690c2e1f2db2e10bb1cbc11.exe
    "C:\Users\Admin\AppData\Local\Temp\ffc015fc7f0e6d7bfd5f4e9d146686514c1952875690c2e1f2db2e10bb1cbc11.exe"
    1⤵
      PID:3080
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4544

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
      Filesize

      10KB

      MD5

      2b38ebcf2148207d5409435c37baa91f

      SHA1

      87fe72e51fb68082049a3233e6184f15ae69a81a

      SHA256

      07bb1c37aa8388d6f7b9e5a4f1a88e453d633d40f3cdb7fc2bb2a9b6b3f200c4

      SHA512

      37b2c8ca0ffd135e99d5248b4159cab2dcc5e41bf46cf7f40e0da2c57c66f7f4ee0ca863df5f545ad9ddee5dabe7fb63d699168236212a03f2551f1c629ebcf6

      Download Submit

    • memory/3080-0-0x00000000001F0000-0x00000000001F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-1-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download