General

  • Target

    Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.zip

  • Size

    109KB

  • Sample

    201112-tnenetw3z2

  • MD5

    15e680539937b3cdfb2140b7c176c754

  • SHA1

    7c2de72357f4b0a2dafbb8f1f0c9735b26755291

  • SHA256

    d702d8b0a40a03bd11d5a645d2da52228e9275e68531c390b65a77709a8e3e86

  • SHA512

    1d51ce25a5f1890cbade191ed7d54b33e3d7c7c2978b74a414f483c39104096b28d6bbb3d7f72bfba08f2a69ff5c5a34ab40f0714177034c2cf24e54308c42b0

Score
10/10

Targets

    • Target

      Dumped_Beacon_DLL_powershell_ise_exe_PIDd7c_hiddenmodule_4480000_x86.dll

    • Size

      248KB

    • MD5

      7d55a3f0151b59a1a28a8bb0519176be

    • SHA1

      4dc08fc88a7c8af4557df0a0b28df5b67751c1e3

    • SHA256

      0d0c1dc04c2a607e0042f4611a1b975cae82b3bb7e5e5ff912f23924ee1b88c5

    • SHA512

      440fec1b76830ff35146b7ad2cc082e64e5ac39cde120849442cdf2ea265e0e5a5d107ae204cdfe367deca7d478bb46061d06530bf7983ddbde61918aecb1d0d

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware
