General
Target: 5e92ce4cef6703976c149149ae4bcf4f47e1e9c1be7837293ae10f61a29944cb
Size: 1.4MB
Sample: 240702-f4q3sa1hnp
MD5: 01b3a61cc62086f1be20f992c618de56
SHA1: 2750b111d8705cc5d30796042a53423d451bea76
SHA256: 5e92ce4cef6703976c149149ae4bcf4f47e1e9c1be7837293ae10f61a29944cb
SHA512: 60e3770f2f1ed789b67e0922eca2fd984017b0424495b72d5d91d673c82e3bbd0e3c68c391e3147adc1d3d773139de3a2a9f0d5d29dd2bceb1247a6481b6c23b
SSDEEP: 24576:0Hyi0YRzZgx/jtTObFtURiRQkzRQD9ZkdxTu5iZpUHLQfRRNK:HIIhTObMbIItryK
Static task: static1
Behavioral task: behavioral1
Sample: 5e92ce4cef6703976c149149ae4bcf4f47e1e9c1be7837293ae10f61a29944cb.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5e92ce4cef6703976c149149ae4bcf4f47e1e9c1be7837293ae10f61a29944cb.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
cobaltstrike
http://49.233.48.44:443/Rpc
user_agent: Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko)
Targets
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Loads dropped DLL