Overview

overview

10

Static

static

d1d9264647...33.exe

windows7_x64

10

d1d9264647...33.exe

windows10_x64

10

Resubmissions

26-11-2020 06:04

201126-mag4t2n6dn 10

19-11-2020 13:40

201119-pnvq4e87n2 10

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    19-11-2020 13:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1d92646470e4eb6d4351d482d1c9433e4d00b691e499edc68e5492e1925c633.exe

  • Size

    368KB

  • MD5

    bfb686edd15d207d4fbaa36328925f0c

  • SHA1

    8731316018d005690046909f86b10a2130cfe75c

  • SHA256

    d1d92646470e4eb6d4351d482d1c9433e4d00b691e499edc68e5492e1925c633

  • SHA512

    9e14cdf2b47c72a84d19bf4d6804ca9e5f940abddd65656222ca65a4303414a9d5efc548a5ce31a99ca761951d3d8fb5cd49fcaf021add40c69fc1033760b811

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1d92646470e4eb6d4351d482d1c9433e4d00b691e499edc68e5492e1925c633.exe
    "C:\Users\Admin\AppData\Local\Temp\d1d92646470e4eb6d4351d482d1c9433e4d00b691e499edc68e5492e1925c633.exe"
    1⤵
      PID:760
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:916

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/760-0-0x0000000000380000-0x00000000003B3000-memory.dmp
      Filesize

      204KB

      Download