Analysis

  • max time kernel
    135s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    24-04-2021 19:52

General

  • Target
    Microsofttool.exe
  • Size
    328KB
  • MD5
    2f993c745f5a16632776a90990e6da90
  • SHA1
    d414bad2a24822eedc363ad4f547c4c1a22b875a
  • SHA256
    6f7d0ca8354db2dd7ba0d0ebba56c1d221604a849f4d040c6fc3ce3035c71a95
  • SHA512
    b56de6829c3444094d28032805f448d07df7114fb7b8d915ea0437090d1902f8243128129980330a789f4c4a93082f4e168915aaa3f9b9f32feffa0b3644b454

Malware Config

Extracted

Family

cobaltstrike

C2

http://42.194.183.201:80/NmXJ

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Microsofttool.exe
    "C:\Users\Admin\AppData\Local\Temp\Microsofttool.exe"
    PID: 308

Network

MITRE ATT&CK Matrix


Downloads

  • memory/308-60-0x0000000000020000-0x0000000000021000-memory.dmp
    Filesize
    4KB
  • memory/308-61-0x000007FEFC661000-0x000007FEFC663000-memory.dmp
    Filesize
    8KB