Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
26-06-2024 09:32
Behavioral task
behavioral1
Sample
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
Resource
win10v2004-20240611-en
General
-
Target
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe
-
Size
10KB
-
MD5
c996652ed5d8d3ae1df5c86f4fb6f408
-
SHA1
3fad36b05ff4d7c50adba5bd9db2c8193ecb7315
-
SHA256
abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1
-
SHA512
66910118a53bbcff8119d934312e4e36d6b8f939f658f9246ccf3c31c8ecface6379e5b87eac5db5e522a72baf42fab3c8b466e50b4c06e4d4f4d6f6168bada3
-
SSDEEP
192:KLUsTjCPem2jFFQC+GKQA9naMLxDYJY3rMme9AAWk2:tsTjCYj+GZmxDwsAme52
Malware Config
Extracted
cobaltstrike
http://192.168.168.10:80/RHlW
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Processes:
resource yara_rule behavioral2/memory/1920-0-0x0000000000400000-0x000000000040F000-memory.dmp upx
Processes
-
C:\Users\Admin\AppData\Local\Temp\abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe"C:\Users\Admin\AppData\Local\Temp\abffa674f2156204d9456fe23352330ddaf90e3cac6f6b6b93d81cd35cbac1a1.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:81⤵