Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
26-06-2024 09:32
General
-
Target
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
-
Size
10KB
-
MD5
c996652ed5d8d3ae1df5c86f4fb6f408
-
SHA1
3fad36b05ff4d7c50adba5bd9db2c8193ecb7315
-
SHA256
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1
-
SHA512
66910118a53bbcff8119d934312e4e36d6b8f939f658f9246ccf3c31c8ecface6379e5b87eac5db5e522a72baf42fab3c8b466e50b4c06e4d4f4d6f6168bada3
-
SSDEEP
192:KLUsTjCPem2jFFQC+GKQA9naMLxDYJY3rMme9AAWk2:tsTjCYj+GZmxDwsAme52
Score
10/10
Malware Config
Extracted
Family
cobaltstrike
C2
http://192.168.168.10:80/RHlW
Attributes
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
Processes
-
C:\Users\Admin\AppData\Local\Temp\abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe"C:\Users\Admin\AppData\Local\Temp\abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1920-0-0x0000000000400000-0x000000000040F000-memory.dmpFilesize
60KB
-
memory/1920-1-0x0000000000020000-0x0000000000021000-memory.dmpFilesize
4KB