Overview
overview
10Static
static
1015becbaa36...1f.exe
windows7_x64
715becbaa36...1f.exe
windows10_x64
7Nuovo ordine .exe
windows7_x64
10Nuovo ordine .exe
windows10_x64
10189d5314ce...6e2b44
linux_amd64
189d5314ce...6e2b44
linux_mipsel
189d5314ce...6e2b44
linux_mips
18ccb7df2f...2a.exe
windows7_x64
1018ccb7df2f...2a.exe
windows10_x64
101b11ae98b8...4f.dll
windows7_x64
101b11ae98b8...4f.dll
windows10_x64
10204591aa6d...b8.exe
windows7_x64
10204591aa6d...b8.exe
windows10_x64
102c7540c6d0...ff.exe
windows7_x64
102c7540c6d0...ff.exe
windows10_x64
102cb4d62827...d9.dll
windows7_x64
102cb4d62827...d9.dll
windows10_x64
104fd784c26d...49.exe
windows7_x64
104fd784c26d...49.exe
windows10_x64
10553dc4c06c...5f.exe
windows7_x64
10553dc4c06c...5f.exe
windows10_x64
105afed1cccc...2d.dll
windows7_x64
105afed1cccc...2d.dll
windows10_x64
1062742e4698...10.exe
windows7_x64
1062742e4698...10.exe
windows10_x64
106707289e11...1b.exe
windows7_x64
106707289e11...1b.exe
windows10_x64
1069a43a40f0...e5.exe
windows7_x64
1069a43a40f0...e5.exe
windows10_x64
106ca42fe27f...b7.exe
windows7_x64
106ca42fe27f...b7.exe
windows10_x64
106db4bb653b...97.jar
windows7_x64
3Analysis
-
max time kernel
137s -
max time network
142s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
30-07-2021 15:25
Static task
static1
Behavioral task
behavioral1
Sample
15becbaa3657b788030771ccb6072e63f14728533aac9f1dcfe2cf89ebdac51f.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral2
Sample
15becbaa3657b788030771ccb6072e63f14728533aac9f1dcfe2cf89ebdac51f.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral3
Sample
Nuovo ordine .exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral4
Sample
Nuovo ordine .exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral5
Sample
189d5314ce773d4497cd2c8aacc99f939bbc32c188d9db8a09e12005ae6e2b44
Resource
ubuntu-amd64
linux_amd64
Behavioral task
behavioral6
Sample
189d5314ce773d4497cd2c8aacc99f939bbc32c188d9db8a09e12005ae6e2b44
Resource
debian9-mipsel
linux_mipsel
Behavioral task
behavioral7
Sample
189d5314ce773d4497cd2c8aacc99f939bbc32c188d9db8a09e12005ae6e2b44
Resource
debian9-mipsbe
linux_mips
Behavioral task
behavioral8
Sample
18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral9
Sample
18ccb7df2f91787a9392bf60d2f7019c86af65584c8a9c4846dee62e3240912a.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral10
Sample
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral11
Sample
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral12
Sample
204591aa6d44da7eef69d7ee3d32a9b4cb8e405a575fc3cbcf2d5e0217879cb8.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral13
Sample
204591aa6d44da7eef69d7ee3d32a9b4cb8e405a575fc3cbcf2d5e0217879cb8.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral14
Sample
2c7540c6d066510b73a1a5c668dc74ec6d0d3f0716bb3adb6cd83afdd07f35ff.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral15
Sample
2c7540c6d066510b73a1a5c668dc74ec6d0d3f0716bb3adb6cd83afdd07f35ff.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral16
Sample
2cb4d628278053eba42c82d58fb894c230451ffe70d519ff79c5f1cc76f32fd9.dll
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral17
Sample
2cb4d628278053eba42c82d58fb894c230451ffe70d519ff79c5f1cc76f32fd9.dll
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral18
Sample
4fd784c26daf0b1877d7ffd53710b7312d89c8af0f3e640c1584d238e7e68949.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral19
Sample
4fd784c26daf0b1877d7ffd53710b7312d89c8af0f3e640c1584d238e7e68949.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral20
Sample
553dc4c06cd2a8a13eebb90e6c2a9e7fc09a81858d7233199f0f03d2051bfb5f.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral21
Sample
553dc4c06cd2a8a13eebb90e6c2a9e7fc09a81858d7233199f0f03d2051bfb5f.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral22
Sample
5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral23
Sample
5afed1ccccb12db0f6da9f25c43d10b4e63995881b65526004cd6f6a390c792d.dll
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral24
Sample
62742e4698b352658390b6b4f5088ddebb673503d5a4151f19c2face25932210.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral25
Sample
62742e4698b352658390b6b4f5088ddebb673503d5a4151f19c2face25932210.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral26
Sample
6707289e11e16158e605882cdd2ce2fc9574428dd0114c6d6246146cb6ba7b1b.exe
Resource
win7v20210408
windows7_x64
Behavioral task
behavioral27
Sample
6707289e11e16158e605882cdd2ce2fc9574428dd0114c6d6246146cb6ba7b1b.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral28
Sample
69a43a40f02660c2065fe3b76861dab28cc292301c180f1eafbf6c3f7b57afe5.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral29
Sample
69a43a40f02660c2065fe3b76861dab28cc292301c180f1eafbf6c3f7b57afe5.exe
Resource
win10v20210408
windows10_x64
Behavioral task
behavioral30
Sample
6ca42fe27fbffcc87eb0995f36e945d8e62e0c06ea606be6a32382eb557970b7.exe
Resource
win7v20210410
windows7_x64
Behavioral task
behavioral31
Sample
6ca42fe27fbffcc87eb0995f36e945d8e62e0c06ea606be6a32382eb557970b7.exe
Resource
win10v20210410
windows10_x64
Behavioral task
behavioral32
Sample
6db4bb653b7dc11b7cda176c18697d9b2a758b2e1de9b83e3804dce2fbc8ba97.jar
Resource
win7v20210410
windows7_x64
General
-
Target
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f.dll
-
Size
380KB
-
MD5
3a11f98d3d4fb8df67c97dc1bd06ff2e
-
SHA1
c3e206b0babe20ffd9663a4e28272ef6c24bab8a
-
SHA256
1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f
-
SHA512
bbc4bf5b0d7d4a303f19f33f7065fc2ca2c40590baf8a7d7994344c8f1c76f2e756ed5892f36b1743546ba2460e13f599825b551306a3773cb9570f6bc626d52
Malware Config
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
description pid Process procid_target PID 4028 created 2732 4028 WerFault.exe 76 -
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 3244 set thread context of 2732 3244 rundll32.exe 76 PID 3244 set thread context of 2624 3244 rundll32.exe 81 -
Program crash 1 IoCs
pid pid_target Process procid_target 4028 2732 WerFault.exe 76 -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 3244 wrote to memory of 2732 3244 rundll32.exe 76 PID 3244 wrote to memory of 2732 3244 rundll32.exe 76 PID 3244 wrote to memory of 2732 3244 rundll32.exe 76 PID 3244 wrote to memory of 2624 3244 rundll32.exe 81 PID 3244 wrote to memory of 2624 3244 rundll32.exe 81 PID 3244 wrote to memory of 2624 3244 rundll32.exe 81
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1b11ae98b85bb0645abe36adcd852e6e84b51c6b5c811729f3c19f14f32d4e4f.dll,#11⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3244 -
C:\Windows\splwow64.exe"C:\Windows\splwow64.exe"2⤵PID:2732
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2732 -s 83⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
PID:4028
-
-
-
C:\Windows\splwow64.exe"C:\Windows\splwow64.exe"2⤵PID:2624
-