Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-12-29...ch.exe

windows7-x64

3

2024-12-29...ch.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2024, 16:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-29_5325f4f63b6e678e3a3bf1d8eb0e9c06_cobalt-strike_cobaltstrike_poet-rat_snatch.exe

  • Size

    5.0MB

  • MD5

    5325f4f63b6e678e3a3bf1d8eb0e9c06

  • SHA1

    6523473276cbab80ecc77fcc51284ed9e4313d92

  • SHA256

    eeaa4863f1052b478ed615b66275449897ad0631935168ff685bd1caa570d78b

  • SHA512

    d110551fdeba4b0f407591e581df47da5bd2ca037262af64077bc76a2ba6bbddcd98e2567790e8bb6da566124c3410d3da5bbc96fe4c020341928b7e54c0bc3d

  • SSDEEP

    49152:r56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6liK1uOCeXvpnD:r56utgpPFotBER/mQ32lUB

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-29_5325f4f63b6e678e3a3bf1d8eb0e9c06_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-29_5325f4f63b6e678e3a3bf1d8eb0e9c06_cobalt-strike_cobaltstrike_poet-rat_snatch.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1788

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    s3.us-east-2.amazonaws.com
    2024-12-29_5325f4f63b6e678e3a3bf1d8eb0e9c06_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    Remote address:
    8.8.8.8:53
    Request
    s3.us-east-2.amazonaws.com
    IN A
    Response
    s3.us-east-2.amazonaws.com
    IN A
    3.5.131.139
    s3.us-east-2.amazonaws.com
    IN A
    52.219.109.89
    s3.us-east-2.amazonaws.com
    IN A
    52.219.110.1
    s3.us-east-2.amazonaws.com
    IN A
    52.219.84.202
    s3.us-east-2.amazonaws.com
    IN A
    52.219.229.89
    s3.us-east-2.amazonaws.com
    IN A
    16.12.66.121
    s3.us-east-2.amazonaws.com
    IN A
    52.219.232.1
    s3.us-east-2.amazonaws.com
    IN A
    52.219.84.122
  • flag-us
    DNS
    17.201.222.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.201.222.52.in-addr.arpa
    IN PTR
    Response
    17.201.222.52.in-addr.arpa
    IN PTR
    server-52-222-201-17cdg50r cloudfrontnet
  • flag-us
    DNS
    139.131.5.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    139.131.5.3.in-addr.arpa
    IN PTR
    Response
    139.131.5.3.in-addr.arpa
    IN PTR
    s3 us-east-2 amazonawscom
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    212.20.149.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.20.149.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    107.12.20.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    107.12.20.2.in-addr.arpa
    IN PTR
    Response
    107.12.20.2.in-addr.arpa
    IN PTR
    a2-20-12-107deploystaticakamaitechnologiescom
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    181.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    181.129.81.91.in-addr.arpa
    IN PTR
    Response
  • 3.5.131.139:443
    s3.us-east-2.amazonaws.com
    tls
    2024-12-29_5325f4f63b6e678e3a3bf1d8eb0e9c06_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    1.4kB
     8.6kB
     19
    18
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    216 B
     158 B
     3
    1

    DNS Request

    232.168.11.51.in-addr.arpa

    DNS Request

    232.168.11.51.in-addr.arpa

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    219 B
     147 B
     3
    1

    DNS Request

    149.220.183.52.in-addr.arpa

    DNS Request

    149.220.183.52.in-addr.arpa

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    s3.us-east-2.amazonaws.com
    dns
    2024-12-29_5325f4f63b6e678e3a3bf1d8eb0e9c06_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
    72 B
     200 B
     1
    1

    DNS Request

    s3.us-east-2.amazonaws.com

    DNS Response

    3.5.131.139
    52.219.109.89
    52.219.110.1
    52.219.84.202
    52.219.229.89
    16.12.66.121
    52.219.232.1
    52.219.84.122

  • 8.8.8.8:53
    17.201.222.52.in-addr.arpa
    dns
    72 B
     129 B
     1
    1

    DNS Request

    17.201.222.52.in-addr.arpa

  • 8.8.8.8:53
    139.131.5.3.in-addr.arpa
    dns
    70 B
     110 B
     1
    1

    DNS Request

    139.131.5.3.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    107.12.20.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    107.12.20.2.in-addr.arpa

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    181.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    181.129.81.91.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.