Overview

overview

10

Static

static

9

dridex

windows10_x64

10

Analysis

  • max time kernel
    12s
  • max time network
    118s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-06-2021 15:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    636c365ebb201441813a232b246732ab341e2725564ec892bffcf700d435759d.exe

  • Size

    316KB

  • MD5

    fc5e03ed61bee524859cf2816790a634

  • SHA1

    02246c94b59d396d0febe3b8682092de497591dc

  • SHA256

    636c365ebb201441813a232b246732ab341e2725564ec892bffcf700d435759d

  • SHA512

    6022d42ce7ae518c11bd5c37528bfffcd5b0929766d69600b70960b24760432f5efd2c114df14297e73fd1d5dfde7a9842ae935e382460157fd6a059aa1e1035

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\636c365ebb201441813a232b246732ab341e2725564ec892bffcf700d435759d.exe
    "C:\Users\Admin\AppData\Local\Temp\636c365ebb201441813a232b246732ab341e2725564ec892bffcf700d435759d.exe"
    1⤵
      PID:3692
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 512
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2916

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3692-114-0x00000000021D0000-0x0000000002203000-memory.dmp
      Filesize

      204KB

      Download
    • memory/3692-115-0x0000000002030000-0x0000000002077000-memory.dmp
      Filesize

      284KB

      Download
    • memory/3692-116-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download