Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-12-10...ch.exe

windows7-x64

3

2024-12-10...ch.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/12/2024, 14:41 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-10_af2232a8fba7e0d40f577cc919209cc6_cobalt-strike_cobaltstrike_poet-rat_snatch.exe

  • Size

    5.0MB

  • MD5

    af2232a8fba7e0d40f577cc919209cc6

  • SHA1

    49b2bd2e8fa115013888a259e42635a22f45a7c2

  • SHA256

    3b596b14c77c59d19eca02f1881d7742357430a25fbeb6075fa0672b54e469f9

  • SHA512

    0030843db414c554130c47d3e26a48e365a9f3f096769b60600889a96d285804e1d0cf9cb63a02ae7bec796757c6dbdf86f42e1a6afe1f1ad781ce224d07235f

  • SSDEEP

    49152:r56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6liK1uOCeXvpnV:r56utgpPFotBER/mQ32lUP

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-10_af2232a8fba7e0d40f577cc919209cc6_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-10_af2232a8fba7e0d40f577cc919209cc6_cobalt-strike_cobaltstrike_poet-rat_snatch.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3996

Network

  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    s3.us-east-2.amazonaws.com
    2024-12-10_af2232a8fba7e0d40f577cc919209cc6_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    Remote address:
    8.8.8.8:53
    Request
    s3.us-east-2.amazonaws.com
    IN A
    Response
    s3.us-east-2.amazonaws.com
    IN A
    52.219.111.217
    s3.us-east-2.amazonaws.com
    IN A
    52.219.111.65
    s3.us-east-2.amazonaws.com
    IN A
    3.5.132.149
    s3.us-east-2.amazonaws.com
    IN A
    52.219.94.89
    s3.us-east-2.amazonaws.com
    IN A
    3.5.130.232
    s3.us-east-2.amazonaws.com
    IN A
    52.219.94.137
    s3.us-east-2.amazonaws.com
    IN A
    52.219.105.113
    s3.us-east-2.amazonaws.com
    IN A
    52.219.229.161
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.111.219.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.111.219.52.in-addr.arpa
    IN PTR
    Response
    217.111.219.52.in-addr.arpa
    IN PTR
    s3 us-east-2 amazonawscom
  • flag-us
    DNS
    113.39.65.18.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    113.39.65.18.in-addr.arpa
    IN PTR
    Response
    113.39.65.18.in-addr.arpa
    IN PTR
    server-18-65-39-113ams1r cloudfrontnet
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88deploystaticakamaitechnologiescom
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 52.219.111.217:443
    s3.us-east-2.amazonaws.com
    tls
    2024-12-10_af2232a8fba7e0d40f577cc919209cc6_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    1.2kB
     7.8kB
     15
    18
  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    14.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    s3.us-east-2.amazonaws.com
    dns
    2024-12-10_af2232a8fba7e0d40f577cc919209cc6_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    72 B
     200 B
     1
    1

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Response

    52.219.111.217
    52.219.111.65
    3.5.132.149
    52.219.94.89
    3.5.130.232
    52.219.94.137
    52.219.105.113
    52.219.229.161

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    217.111.219.52.in-addr.arpa
    dns
    73 B
     113 B
     1
    1

    DNS Request

    217.111.219.52.in-addr.arpa

  • 8.8.8.8:53
    113.39.65.18.in-addr.arpa
    dns
    71 B
     126 B
     1
    1

    DNS Request

    113.39.65.18.in-addr.arpa

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.