Analysis
- max time kernel: 12s
- max time network: 153s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 05-05-2021 08:05
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: b5d2585a_by_Libranalysis.exe
  Resource: win7v20210408
- Behavioral task: behavioral2
  Sample: b5d2585a_by_Libranalysis.exe
  Resource: win10v20210410
General
- Target: b5d2585a_by_Libranalysis.exe
- Size: 72KB
- MD5: b5d2585a9d50e788a37d6700ed8133cf
- SHA1: c6617ceea2106f76078c195a4a86cb7e6fc31507
- SHA256: 0d1fbb35e0a41955bb9e49e3e765be71121a661ba0b374c5e352be5a87639240
- SHA512: 70e05be3e01dc7d779f9a8313efc256af5c0819acc1d3b7d0247767ed85fa4f40aa641bf1ebc366310557e88bd9bc25144c5f9a2c8180f58ebc91a44c1d5b6e5
Malware Config
- Extracted: metasploit
  Payload: windows/reverse_tcp
  C2: 13.59.15.185:16297
- Extracted: metasploit
  Encoder: encoder/shikata_ga_nai
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1684-59-0x0000000000020000-0x0000000000021000-memory.dmp (Filesize: 4KB)
- memory/1684-60-0x0000000000230000-0x000000000025B000-memory.dmp (Filesize: 172KB)
- memory/1684-61-0x0000000000260000-0x0000000000291000-memory.dmp (Filesize: 196KB)
- memory/1684-62-0x0000000000360000-0x00000000003BF000-memory.dmp (Filesize: 380KB)
- memory/1684-63-0x0000000000460000-0x0000000000480000-memory.dmp (Filesize: 128KB)