Analysis
max time kernel: 165s
max time network: 165s
platform: windows10_x64
resource: win10-en-20211208
submitted: 31-01-2022 04:08
Behavioral task: behavioral1
Sample: ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe
Size: 833KB
MD5: 5773e9876cdf907b9b06d85a216dccb7
SHA1: a6f41d1ae97e18fe627fb13fbffdac6d55407a42
SHA256: ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842
SHA512: 9613a067673404784f1c0b58aefea80a0b35b991ad0ee34459f608729d5204697b43b26489abbd8396429136702b0020b62d309102c4cbacf7a1a8e413723fb1
Score: 10/10
Malware Config

Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | process | target process):
  PID 3716 wrote to memory of 2596 | 3716 | ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe | upnpcont.exe
  PID 3716 wrote to memory of 2596 | 3716 | ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe | upnpcont.exe
  PID 3716 wrote to memory of 2596 | 3716 | ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe | upnpcont.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ae1cbeb25f83ecb39372f83e9c0ca36364e1cd0207f07afb4cd240b4b1b96842.exe"
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SYSTEM32\upnpcont.exe (child process)
    Command line: upnpcont.exe