Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
26-06-2024 09:32
Behavioral task
behavioral1
Sample
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
Resource
win10v2004-20240611-en
General
-
Target
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
-
Size
10KB
-
MD5
c996652ed5d8d3ae1df5c86f4fb6f408
-
SHA1
3fad36b05ff4d7c50adba5bd9db2c8193ecb7315
-
SHA256
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1
-
SHA512
66910118a53bbcff8119d934312e4e36d6b8f939f658f9246ccf3c31c8ecface6379e5b87eac5db5e522a72baf42fab3c8b466e50b4c06e4d4f4d6f6168bada3
-
SSDEEP
192:KLUsTjCPem2jFFQC+GKQA9naMLxDYJY3rMme9AAWk2:tsTjCYj+GZmxDwsAme52
Malware Config
Extracted
cobaltstrike
http://192.168.168.10:80/RHlW
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Processes:
resource yara_rule behavioral1/memory/1916-0-0x0000000000400000-0x000000000040F000-memory.dmp upx behavioral1/memory/1916-2-0x0000000000400000-0x000000000040F000-memory.dmp upx