Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20250217-en locale:en-us os:windows10-2004-x64 system -
submitted
13/03/2025, 07:50
Static task
static1
Behavioral task
behavioral1
Sample
ma.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ma.exe
Resource
win10v2004-20250217-en
General
-
Target
ma.exe
-
Size
281KB
-
MD5
a7b18fa0a9729193ed5d8fe99e1b653f
-
SHA1
4ea028f43ef9c8d4866652c63a3fd94cb2b7b460
-
SHA256
f635f424b967e3df6bec0e6bd4643d5b19bb6e3e3d9c925d91124b80f85e8d1b
-
SHA512
edda7566ac9af482fe3c5a35f120798dfb6b47e4bb61e624c308225d5472dc0c9b0066b88d8ca2ca4e05b744fa70872d138be393359b2fd69c23f7ca1725aa09
-
SSDEEP
6144:MCjRB7HtIw3GSKpuKIbk4iUNXeSyKN2655R0Mfdp4up4Q:3jauKIbk4iCXKYtTLrp4Q
Malware Config
Extracted
cobaltstrike
100000000
http://144.48.4.219:443/jquery-3.3.1.min.js
-
access_type
512
-
beacon_type
2048
-
host
144.48.4.219,/jquery-3.3.1.min.js
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
45000
-
port_number
443
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJzGjWWirPLTxN5fL642s06JUEEiMAwAsctJ/wC6nElkxVMAqZvpfDkxgzo6BhQJ8KEbcpI8wTPq1G79spBJQWyZYdULAoV9N5G4j3KArpHvfmeNMOpMhyL664MSO9QtaT0GyFimui4AkDWzkYLWjynkqMr6iaJcaTV6GpCTQQyQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.234810624e+09
-
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/jquery-3.3.2.min.js
-
user_agent
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
-
watermark
100000000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family
-
Modifies system certificate store (2 TTPs, 2 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74 | ma.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74\Blob = 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 | ma.exe