Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ae62041151...95.dll

windows7-x64

3

ae62041151...95.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ae620411514d549a6666f7bbd905e817df39897529cf91912bcdd188751b8e95

  • Size

    215KB

  • Sample

    240914-a31b6sydqf

  • MD5

    037f50987e532d3daebd46bbef36ceae

  • SHA1

    4ea41ffda8e223a04ffd166e680ac9e2b1d3d96b

  • SHA256

    ae620411514d549a6666f7bbd905e817df39897529cf91912bcdd188751b8e95

  • SHA512

    0b6fcdae0d47c73c60d0371479e865efefc09e7ec7f71faa50b3fd42398dde9f18ec4a3a933e7e6944f22890b7c9ed05bdc054e67905a50ec03120724b9b8107

  • SSDEEP

    3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15adYkes:PjdFKdoSxvixTxUAHhs

Score
10/10
cobaltstrike0discovery

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Targets

    • Target

      ae620411514d549a6666f7bbd905e817df39897529cf91912bcdd188751b8e95

    • Size

      215KB

    • MD5

      037f50987e532d3daebd46bbef36ceae

    • SHA1

      4ea41ffda8e223a04ffd166e680ac9e2b1d3d96b

    • SHA256

      ae620411514d549a6666f7bbd905e817df39897529cf91912bcdd188751b8e95

    • SHA512

      0b6fcdae0d47c73c60d0371479e865efefc09e7ec7f71faa50b3fd42398dde9f18ec4a3a933e7e6944f22890b7c9ed05bdc054e67905a50ec03120724b9b8107

    • SSDEEP

      3072:Pjh9N4a1j712h9Td2+1lxvTeZna8xUhUbT15adYkes:PjdFKdoSxvixTxUAHhs

    Score
    3/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.