Analysis
- max time kernel: 125s
- max time network: 135s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 12-11-2020 07:05

Static task: static1

Behavioral task: behavioral1
- Sample: 4d3c1112af9c8a083c4b1806b13995ff.exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: 4d3c1112af9c8a083c4b1806b13995ff.exe
- Resource: win10v20201028
General
- Target: 4d3c1112af9c8a083c4b1806b13995ff.exe
- Size: 132KB
- MD5: 4d3c1112af9c8a083c4b1806b13995ff
- SHA1: 872d6e5e5d295899fcb19c55ceb0bb2cd5a8e263
- SHA256: 000510235af88211cab033096f5607adfecd39ec459e764aad8415223e2c9247
- SHA512:
d527d2de41f815672e327e905716bd978f3afc746d0e2a39b7332af891401e8311b5c23659f30f18b502ea86bc2f681b2a586692fd2f89eec9ccc5dc5a5ec809
Malware Config
Extracted: cobaltstrike
http://217.12.218.250:443/questions/32251816/c-sharp-directives-compilation-error
- access_type: 512
- beacon_type: 2048
- create_remote_thread: 0
- day: 0
- dns_idle: 1.34744072e+08
- dns_sleep: 0
- host: 217.12.218.250,/questions/32251816/c-sharp-directives-compilation-error
- http_header1:
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQWNjZXB0LUxhbmd1YWdlOiBlbi1VUwAAAAcAAAAAAAAACAAAAAIAAAAFcHJvdj0AAAABAAAADjtub3RpY2UtY3R0PSExAAAAAQAAAA87X2dhPUdBMS4yLjk5MjQAAAABAAAABztfZ2F0PTEAAAABAAAAEDtfX3FjYT1QMC0yMTQ0NTkAAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- http_header2:
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBlbgAAAAcAAAABAAAACAAAAAIAAAAFcHJvdj0AAAABAAAADjtub3RpY2UtY3R0PSExAAAAAQAAAA87X2dhPUdBMS4yLjk5MjQAAAABAAAABztfZ2F0PTEAAAABAAAAEDtfX3FjYT1QMC0yMTQ0NTkAAAAGAAAABkNvb2tpZQAAAAcAAAAAAAAADQAAAAUAAAAJYW5zd2VydGFiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- http_method1: GET
- http_method2: GET
- injection_process:
- jitter: 5632
- maxdns: 245
- month: 0
- pipe_name:
- polling_time: 35000
- port_number: 443
- proxy_password:
- proxy_server:
- proxy_username:
- sc_process32: %windir%\syswow64\gpupdate.exe
- sc_process64: %windir%\sysnative\gpupdate.exe
- state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCT42RZXDkOt4TBaANg7RggQbQZgKIt9JoHuhWGb5HcZdWd3ZmoqFQuFJ53NsjMvGrDkwxGokAV2GaGhCCb1GHK1NigI6uBcokE6seiXhny94nDmEEu4EEdYyFgLrsswJ04NA8tnIQD11iUz7XxzwocHN1161Yj66YCBK61DUomQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- unknown1: 3.445232896e+09
- unknown2:
AAAABAAAAAEAAAQ/AAAAAgAAABEAAAACAAAATgAAAAIAAAAHAAAAAgAAAHMAAAACAAAAXgAAAAIAAAABAAAADQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
- unknown3: 1.610612736e+09
- unknown4: 0
- unknown5: 2.018915346e+09
- uri: /questions/32251817/c-sharp-directives-compilation-error
- user_agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
- year: 0

Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.