Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-11-19...ch.exe

windows7-x64

3

2024-11-19...ch.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/11/2024, 12:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-19_3593d3eb6aeae80545ed962a287527c5_cobalt-strike_cobaltstrike_poet-rat_snatch.exe

  • Size

    4.9MB

  • MD5

    3593d3eb6aeae80545ed962a287527c5

  • SHA1

    b3f168a5217f2bf7f05fd7226894e769caa68182

  • SHA256

    361a95a09d9b67d86288b894a8b4a2440f9105401a071d8af8eeb70f7043f250

  • SHA512

    ce8002c9e5a52d7b98878ea6790b26fddef5ce90bbd2a2ac0f7f1baa678756f2471c9eef20af8125d59b4d3d29d236ae6c45a580bbb69e915edf336304e78abe

  • SSDEEP

    49152:r56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6liK1uOCeXvpnO:r56utgpPFotBER/mQ32lU0

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-19_3593d3eb6aeae80545ed962a287527c5_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-19_3593d3eb6aeae80545ed962a287527c5_cobalt-strike_cobaltstrike_poet-rat_snatch.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4832

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    s3.us-east-2.amazonaws.com
    2024-11-19_3593d3eb6aeae80545ed962a287527c5_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    Remote address:
    8.8.8.8:53
    Request
    s3.us-east-2.amazonaws.com
    IN A
    Response
    s3.us-east-2.amazonaws.com
    IN A
    52.219.93.201
    s3.us-east-2.amazonaws.com
    IN A
    52.219.100.66
    s3.us-east-2.amazonaws.com
    IN A
    3.5.130.80
    s3.us-east-2.amazonaws.com
    IN A
    52.219.178.137
    s3.us-east-2.amazonaws.com
    IN A
    3.5.131.125
    s3.us-east-2.amazonaws.com
    IN A
    52.219.97.129
    s3.us-east-2.amazonaws.com
    IN A
    52.219.107.41
    s3.us-east-2.amazonaws.com
    IN A
    52.219.98.217
  • flag-us
    DNS
    201.93.219.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    201.93.219.52.in-addr.arpa
    IN PTR
    Response
    201.93.219.52.in-addr.arpa
    IN PTR
    s3 us-east-2 amazonawscom
  • flag-us
    DNS
    37.82.161.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    37.82.161.3.in-addr.arpa
    IN PTR
    Response
    37.82.161.3.in-addr.arpa
    IN PTR
    server-3-161-82-37fra56r cloudfrontnet
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.219.93.201:443
    s3.us-east-2.amazonaws.com
    tls
    2024-11-19_3593d3eb6aeae80545ed962a287527c5_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    1.2kB
     7.8kB
     15
    18
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    s3.us-east-2.amazonaws.com
    dns
    2024-11-19_3593d3eb6aeae80545ed962a287527c5_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    72 B
     200 B
     1
    1

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Response

    52.219.93.201
    52.219.100.66
    3.5.130.80
    52.219.178.137
    3.5.131.125
    52.219.97.129
    52.219.107.41
    52.219.98.217

  • 8.8.8.8:53
    201.93.219.52.in-addr.arpa
    dns
    72 B
     112 B
     1
    1

    DNS Request

    201.93.219.52.in-addr.arpa

  • 8.8.8.8:53
    37.82.161.3.in-addr.arpa
    dns
    70 B
     125 B
     1
    1

    DNS Request

    37.82.161.3.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.