Behavioral task
behavioral1
Sample
17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91.dll
Resource
win10v2004-20240802-en
General
Target: 17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91.zip
Size: 119KB
MD5: 08fbb10cd676b2dc4c21a0e78abfa647
SHA1: cd533f4209aca52df2dca3e43010c6a1238b59a2
SHA256: 279406e6f966c389b405663444302ecc597118a87614b6d51fbb038dba6f9592
SHA512: 0f07de1a2723736b55a39566ef1860a42e5961096e6792a5fbcfa0c3cdb4e3e49085d8e7e7601d9a8ca265a370b8a009db3bb8186a11faa8f6ef44d748e13677
SSDEEP: 3072:3GOSfu3Ui9vx0m5JJeYmCZxXKekCkvVn1:3GOS2t0mTI3CnK7Ckv3
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Signatures
-
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
resource yara_rule static1/unpack001/17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91 cobalt_reflective_dll -
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91
Files
-
17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91.zip.zip
Password: infected
-
17da0c49885389a4157dc361dddf6ee225c04da423ea87de571190bae11bec91.dll windows:5 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ