Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-01-2021 06:19
General
-
Target
566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368.exe
-
Size
281KB
-
MD5
8104f69d3822c903742bfa27960d3b6a
-
SHA1
431f3181805ff9e071d600e7a4a122099d2630ee
-
SHA256
566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368
-
SHA512
1ab0c1331807804190838f9650c09a54cca3537ffc6aa69385a62aec3e00367e9f12aea855dbda91fac9bc65801e7b59ccbc1d579d54d78e5bd6027249b8c724
Score
10/10
Malware Config
Extracted
Family
cobaltstrike
C2
http://207.148.123.136:12443/as.html
Attributes
-
access_type
0
-
beacon_type
0
-
create_remote_thread
0
-
day
0
-
dns_idle
0
-
dns_sleep
0
- host
- http_header1
- http_header2
- http_method1
- http_method2
- injection_process
-
jitter
0
-
maxdns
0
-
month
0
- pipe_name
-
polling_time
0
-
port_number
0
- proxy_password
- proxy_server
- proxy_username
- sc_process32
- sc_process64
- state_machine
-
unknown1
0
- unknown2
-
unknown3
0
-
unknown4
0
-
unknown5
0
- uri
- user_agent
-
year
0
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368.exe"C:\Users\Admin\AppData\Local\Temp\566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/652-2-0x0000000000140000-0x0000000000180000-memory.dmpFilesize
256KB
-
memory/652-3-0x0000000000650000-0x00000000006D5000-memory.dmpFilesize
532KB
-
memory/652-4-0x0000000000650000-0x00000000006D5000-memory.dmpFilesize
532KB