General
-
Target
c1c212c43955c7e2ec5467c6a1eb5e875ad660eddb728019caa261b03c3ab964
-
Size
1.4MB
-
Sample
240702-f4p6gsxgrc
-
MD5
501421bcb0f4bc8d1fe5dcaeb47cbc77
-
SHA1
76ec9e0c013f4c37bf59b21c29eecbd4edae8e24
-
SHA256
c1c212c43955c7e2ec5467c6a1eb5e875ad660eddb728019caa261b03c3ab964
-
SHA512
e6d524137caf4b9ad384141d63e5140127c91d42c68801ebced474465505a38dbead7f6cc5edcb705b5bb2cf0473c1b828aa2596bf54daa21ec7df82902388a0
-
SSDEEP
24576:0Hyi0YRzZgx/jtTObFtURiRQkzRQD9ZkdxTu5iZpUHLQfRRNi:HIIhTObMbIItryi
Static task
static1
Behavioral task
behavioral1
Sample
c1c212c43955c7e2ec5467c6a1eb5e875ad660eddb728019caa261b03c3ab964.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
c1c212c43955c7e2ec5467c6a1eb5e875ad660eddb728019caa261b03c3ab964.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
http://49.233.48.44:443/Rpc
-
user_agent
Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
Targets
-
-
Target
c1c212c43955c7e2ec5467c6a1eb5e875ad660eddb728019caa261b03c3ab964
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-