Overview

overview

10

Static

static

chrome(1).exe

windows10_x64

10

Analysis

  • max time kernel
    22s
  • max time network
    36s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    18-10-2021 06:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    chrome(1).exe

  • Size

    978KB

  • MD5

    68864c1edd9af2966f0dc96e0b6dad3d

  • SHA1

    e8b87bb0ab35df9356374dfa1fcd38630563c338

  • SHA256

    bd3ae3a0c2fc66aa64c1b23d962b7e169be1d9fd1e5b42e5bb155f2f5fb9acd6

  • SHA512

    692a57f632e2372dc0b712f7163bb533df3ff9834614dff3196c6de5ad9257e6201188c7d4a92f5548938a07af97805595bf70fc626fd36edfe4c3952cdb4453

Score
10/10
cobaltstrike1359593325backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

1359593325

C2

http://49.235.67.65:443/c/msdownload/update/others/2021/03/29136388_

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    49.235.67.65,/c/msdownload/update/others/2021/03/29136388_

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAMAAAACAAAACFNFU1NJT049AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAgSG9zdDogZG93bmxvYWQud2luZG93c3VwZGF0ZS5jb20AAAAHAAAAAAAAAAUAAAAJdXBkYXRlX2lkAAAABwAAAAEAAAADAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    10000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\wusa.exe

  • sc_process64

    %windir%\sysnative\wusa.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEqTd/h84o/ffiKsFiZIKMZGTozPerHLN1Pff82qr7TnJc0MUPmRpB2OTQI9p1ru6yHFaBFVs/588rjkGGTLa9GqDO1QS/FbfvhEI4TwxrnFR7/V+lXznBbeVTw7Cg3SFOznyXzkuIQDu8YRd/7d00A+J535G8BL5iVItJqRdwQwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /c/msdownload/update/others/2020/10/28986731_

  • user_agent

    Windows-Update-Agent/10.0.10011.16384 Client-Protocol/1.40

  • watermark

    1359593325

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\chrome(1).exe
    "C:\Users\Admin\AppData\Local\Temp\chrome(1).exe"
    1⤵
      PID:2432

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2432-115-0x000000C000086000-0x000000C000088000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2432-116-0x000002D2EF650000-0x000002D2EFA50000-memory.dmp
      Filesize

      4.0MB

      Download