Overview

overview

10

Static

static

9

583ad904b5...e3.exe

windows7_x64

10

583ad904b5...e3.exe

windows10_x64

10

Resubmissions

27-08-2021 12:10

210827-qj4pbcbxl2 10

23-07-2021 13:10

210723-wbqdp6mgke 10

Analysis

  • max time kernel
    1748s
  • max time network
    1469s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    27-08-2021 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    583ad904b51ce0851f9f2cb056a9a2e3.exe

  • Size

    457KB

  • MD5

    583ad904b51ce0851f9f2cb056a9a2e3

  • SHA1

    daa33b986624b2156b336392c4d5cc1ddd184e56

  • SHA256

    95654525c7022015e1177ff2e8eba84837f6808b6568bccd87af3e55a3c1f481

  • SHA512

    ec96716efc1fe8662df5d9f0defa0f9d831a794d96bf8b5ad6c663395dd97c4127dbb4c1e8f73185a001722ef7861bedefda598df91739fd0a43ee05940d8f9c

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1228
      • C:\Users\Admin\AppData\Local\Temp\583ad904b51ce0851f9f2cb056a9a2e3.exe
        "C:\Users\Admin\AppData\Local\Temp\583ad904b51ce0851f9f2cb056a9a2e3.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1860
      • C:\Users\Admin\AppData\Local\Temp\583ad904b51ce0851f9f2cb056a9a2e3.exe
        C:\Users\Admin\AppData\Local\Temp\583ad904b51ce0851f9f2cb056a9a2e3.exe 1
        2⤵
          PID:1752

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1752-66-0x0000000000000000-mapping.dmp
        Download
      • memory/1752-74-0x0000000077380000-0x000000007749F000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/1752-75-0x000007FEFE2D0000-0x000007FEFE3AB000-memory.dmp
        Filesize

        876KB

        Download
      • memory/1752-76-0x000007FEFC900000-0x000007FEFC95B000-memory.dmp
        Filesize

        364KB

        Download
      • memory/1752-77-0x000007FEFDE70000-0x000007FEFE0B0000-memory.dmp
        Filesize

        2.2MB

        Download
      • memory/1752-78-0x000007FEFD680000-0x000007FEFD6CD000-memory.dmp
        Filesize

        308KB

        Download
      • memory/1752-79-0x000007FEFAE00000-0x000007FEFAE27000-memory.dmp
        Filesize

        156KB

        Download
      • memory/1752-80-0x000007FEFD550000-0x000007FEFD5BC000-memory.dmp
        Filesize

        432KB

        Download
      • memory/1752-81-0x0000000002580000-0x00000000025C0000-memory.dmp
        Filesize

        256KB

        Download
      • memory/1752-82-0x00000000025C0000-0x0000000002645000-memory.dmp
        Filesize

        532KB

        Download
      • memory/1860-60-0x0000000140000000-0x0000000140069000-memory.dmp
        Filesize

        420KB

        Download
      • memory/1860-67-0x0000000001BA0000-0x0000000001C05000-memory.dmp
        Filesize

        404KB

        Download