Overview

overview

10

Static

static

f757f920c2...65.exe

windows7_x64

10

f757f920c2...65.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    18-11-2021 06:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe

  • Size

    1.5MB

  • MD5

    831dfe5243cde5e005d71809456c8a5f

  • SHA1

    3fbf16a2cb5f88aa607c456d0b5a71e54633f78b

  • SHA256

    f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565

  • SHA512

    3b9cf3c5f223a6f90960dead11127cb77e8e3ca690b53572183a63f4e30faaad0d982d97b3ecc3ba737b9e95e67ca81f1f8e9358ced21d75c521636ee3dd519c

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe
    "C:\Users\Admin\AppData\Local\Temp\f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1684-55-0x0000000002370000-0x0000000002510000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1684-56-0x0000000180000000-0x0000000180157000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1684-61-0x0000000180000000-0x0000000180157000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1684-62-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1684-63-0x0000000003650000-0x0000000003A50000-memory.dmp
    Filesize

    4.0MB

    Download