Analysis
max time kernel: 152s
max time network: 158s
platform: windows10_x64
resource: win10-en-20211208
submitted: 31-01-2022 04:09
Behavioral task: behavioral1
Sample: 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe
Size: 833KB
MD5: 6cbb5480c075679075a54e84d626227e
SHA1: 45c3f47d6ab9eabdf17e5748aeb0ec2a7b53a7b0
SHA256: 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476
SHA512: 15ed1bfda03fe02025ddf8a46079a423977de8b9c85d5bd3e6417107ac28fe0d67e001737e18cde2b3286192c6beceb4776f821152de0016288e8c64a16bb3e8
Score: 10/10
Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                       pid   process                                                                   target process
PID 3288 wrote to memory of 584   3288  7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe  upnpcont.exe
PID 3288 wrote to memory of 584   3288  7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe  upnpcont.exe
PID 3288 wrote to memory of 584   3288  7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe  upnpcont.exe
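As an added example (not part of the sandbox report), the following Python parses the flattened WriteProcessMemory records above into structured objects and applies a simple triage rule for the pattern they show: an executable launched from a user's Temp directory writing into a different process whose image lives under C:\Windows. The three records and the two image paths are taken from this report; the fourth, benign record and the explorer.exe path are constructed here for contrast and do not appear in the report.

```python
import re
from dataclasses import dataclass

# The three IoC records exactly as the report flattens them, plus one
# constructed benign record (explorer.exe -> explorer.exe) that is NOT from
# the report and exists only to show a non-matching case.
IOC_LINES = [
    "PID 3288 wrote to memory of 584 3288 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe upnpcont.exe",
    "PID 3288 wrote to memory of 584 3288 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe upnpcont.exe",
    "PID 3288 wrote to memory of 584 3288 7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe upnpcont.exe",
    "PID 1200 wrote to memory of 1210 1200 explorer.exe explorer.exe",  # constructed
]

# The IoC table carries bare image names; full paths come from the report's
# process tree. The explorer.exe path is an assumption for the constructed line.
IMAGE_PATHS = {
    "7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe":
        r"C:\Users\Admin\AppData\Local\Temp\7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe",
    "upnpcont.exe": r"C:\Windows\SYSTEM32\upnpcont.exe",
    "explorer.exe": r"C:\Windows\explorer.exe",  # assumed, not from the report
}

# description ("PID <src> wrote to memory of <dst>"), then pid, process, target process
RECORD_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")


@dataclass(frozen=True)
class MemoryWrite:
    source_pid: int
    target_pid: int
    source_image: str
    target_image: str


def parse_record(line: str) -> MemoryWrite:
    """Parse one flattened 'wrote to memory of' row; reject malformed rows."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory record: {line!r}")
    desc_pid, target_pid, pid, process, target = m.groups()
    # The description's PID and the pid column describe the same writer.
    if desc_pid != pid:
        raise ValueError(f"pid mismatch in record: {line!r}")
    return MemoryWrite(int(pid), int(target_pid), process, target)


def is_suspicious(write: MemoryWrite, image_paths: dict) -> bool:
    """Heuristic: user-writable source image writing into a separate Windows-system image."""
    src = image_paths.get(write.source_image, "").lower()
    dst = image_paths.get(write.target_image, "").lower()
    cross_process = write.source_pid != write.target_pid
    from_user_writable = src.startswith("c:\\users\\")
    into_windows_image = dst.startswith("c:\\windows\\")
    return cross_process and from_user_writable and into_windows_image


def triage(lines, image_paths):
    """Return (all parsed writes, flagged writes, distinct flagged (src, dst) PID pairs)."""
    writes = [parse_record(line) for line in lines]
    flagged = [w for w in writes if is_suspicious(w, image_paths)]
    pairs = sorted({(w.source_pid, w.target_pid) for w in flagged})
    return writes, flagged, pairs


if __name__ == "__main__":
    writes, flagged, pairs = triage(IOC_LINES, IMAGE_PATHS)
    print(f"{len(writes)} records, {len(flagged)} flagged, {len(pairs)} distinct writer->target pair(s)")
    for w in flagged:
        print(f"  {w.source_image} (pid {w.source_pid}) -> {w.target_image} (pid {w.target_pid})")
```

The three report rows collapse to a single writer/target pair (3288 to 584), which is the figure an analyst wants rather than the raw IoC count. The rule is deliberately narrow and is a heuristic, not proof of injection: installers, debuggers and some endpoint agents also write into other processes, so in a production detection it should be combined with the parent/child relationship and the target image's legitimacy.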
Processes

C:\Users\Admin\AppData\Local\Temp\7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\7412c47f2db8f52182d8311dbc3539d2af5305c87f052a8d70eb6fd351723476.exe"
    Suspicious use of WriteProcessMemory
    C:\Windows\SYSTEM32\upnpcont.exe
        command line: upnpcont.exe