Analysis
- max time kernel: 148s
- max time network: 148s
- platform: windows7_x64
- resource: win7-en-20211014
- submitted: 18-11-2021 06:13
Static task
static1
Behavioral task
behavioral1
Sample
f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe
Resource
win10-en-20211104
General
- Target: f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe
- Size: 1.5MB
- MD5: 831dfe5243cde5e005d71809456c8a5f
- SHA1: 3fbf16a2cb5f88aa607c456d0b5a71e54633f78b
- SHA256: f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565
- SHA512: 3b9cf3c5f223a6f90960dead11127cb77e8e3ca690b53572183a63f4e30faaad0d982d97b3ecc3ba737b9e95e67ca81f1f8e9358ced21d75c521636ee3dd519c
Malware Config
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- Suspicious behavior: RenamesItself (1 IoCs)
  Processes: pid 1684, process f757f920c2510b66e0a61a780dd24ed2129c3f7ded568a4ad629d754e8a90565.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1684-55-0x0000000002370000-0x0000000002510000-memory.dmp (Filesize: 1.6MB)
- memory/1684-56-0x0000000180000000-0x0000000180157000-memory.dmp (Filesize: 1.3MB)
- memory/1684-61-0x0000000180000000-0x0000000180157000-memory.dmp (Filesize: 1.3MB)
- memory/1684-62-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmp (Filesize: 8KB)
- memory/1684-63-0x0000000003650000-0x0000000003A50000-memory.dmp (Filesize: 4.0MB)