General
Target: Employee-Bonus.exe
Size: 97KB
Sample: 210308-r9csy6wkvx
MD5: b2a682b8fe731d3c9a97b8fbf1cd84ae
SHA1: ebbbbeadbfcff24fd604167a628cf12ab2bb9c6c
SHA256: 84cef0aed269e6213bfa213d95a3db625bcdde130f33bf4227436985e4473252
SHA512: 6aa9246f88e398d1167126e88c90fc5a4049d7361ec4853abd1094d667ba0be42964190f17c0b40615856d44724989439c2d9fb53cbd2b69b135832d8e8522f2
Static task: static1
Behavioral task: behavioral1
Sample: Employee-Bonus.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Employee-Bonus.exe
Resource: win10v20201028
Malware Config
Extracted
cobaltstrike
windows/download_exec
http://jumpbill.com:443/image-directory/eso.jpg
Targets
Target: Employee-Bonus.exe
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess