Analysis
- max time kernel: 151s
- max time network: 174s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 31-01-2022 04:09
Behavioral task: behavioral1
- Sample: 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe
- Size: 833KB
- MD5: 70ef6b2d2f01d1ff0732f7d9617b610e
- SHA1: 40bc8629f145c9092408482ca126e322a26eab47
- SHA256: 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932
- SHA512: 8ceded8c21513d3e77ca66ea6c694e763f4c597d109b58dbecb4873ca97b1cea779eda14b03640db0adf5aa00a8ef6eeac67948057e0594d3fb395769547f981
- Score: 10/10
Malware Config
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | process | target process
  PID 2828 wrote to memory of 1172 | 2828 | 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe | upnpcont.exe
  PID 2828 wrote to memory of 1172 | 2828 | 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe | upnpcont.exe
  PID 2828 wrote to memory of 1172 | 2828 | 712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe | upnpcont.exe
Processes
- 1. C:\Users\Admin\AppData\Local\Temp\712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\712fb79d19d8e77a9f0b3f7d469a7277315838e242c821ee361ca70e1099d932.exe"
  - Suspicious use of WriteProcessMemory
  - 2. C:\Windows\SYSTEM32\upnpcont.exe
    Command line: upnpcont.exe