Analysis
max time kernel: 150s
max time network: 158s
platform: windows10_x64
resource: win10-en-20211208
submitted: 31-01-2022 04:10
Behavioral task: behavioral1
Sample: 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
Resource: win7-en-20211208 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
Resource: win10-en-20211208 (windows10_x64)
0 signatures, 0 seconds
General
Target: 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
Size: 833KB
MD5: cb6991a10c698a7e632d3397a15a1355
SHA1: cdc62df36002885fd268f4ceabecb7ec007963b4
SHA256: 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f
SHA512: 07eb1a7cad56c7349bd8c895ccf720db2c27a93d0303ffaaaf56b15ac73606d3335a6169a8e4ea36c4f2ff7133664bf24027bff36a919037c56c4e511811162d
Score: 10/10
Malware Config
Signatures
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
description                        pid   process                                                                 target process
PID 2060 wrote to memory of 3708   2060  21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe  upnpcont.exe
PID 2060 wrote to memory of 3708   2060  21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe  upnpcont.exe
PID 2060 wrote to memory of 3708   2060  21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe  upnpcont.exe
Processes
C:\Users\Admin\AppData\Local\Temp\21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe"
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SYSTEM32\upnpcont.exe (child process)
    command line: upnpcont.exe
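The WriteProcessMemory IoCs and the process tree above together describe the behaviour that matters here: the sample (PID 2060, running from the user's Temp directory) spawns the Windows binary upnpcont.exe (PID 3708) and then writes into its memory three times, which is consistent with the spawn-and-inject technique Cobalt Strike payloads are known for. The Python below is an added example, not part of the sandbox report or of any Cobalt Strike tooling: it parses rows in the layout of the IoC table, joins them to a process list, and keeps only cross-process writes from a user-writable path into a system image that the writer itself spawned. The PID-to-path mapping, the path-prefix lists and the extra self-write row are constructed for the example (the report's process tree does not show PIDs).

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# One row of the report's "Suspicious use of WriteProcessMemory" table, flattened:
# "PID <writer> wrote to memory of <target> <writer> <writer image> <target image>"
RECORD_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<src2>\d+) (?P<src_img>\S+) (?P<dst_img>\S+)$"
)

class Proc(NamedTuple):
    path: str              # full image path, as in the process tree
    parent: Optional[int]  # parent PID; None for the root of the tree

class Finding(NamedTuple):
    writer: int
    target: int
    writer_image: str
    target_image: str
    writes: int
    target_is_child: bool         # target was spawned by the writer
    writer_user_writable: bool    # writer runs from a user-writable location
    target_system_image: bool     # target image lives under C:\Windows

# Process list constructed from the report: paths and nesting come from the
# process tree, PIDs from the IoC table. Mapping PIDs to paths is an assumption.
SAMPLE_PROCESSES: Dict[int, Proc] = {
    2060: Proc(r"C:\Users\Admin\AppData\Local\Temp\21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe", None),
    3708: Proc(r"C:\Windows\SYSTEM32\upnpcont.exe", 2060),
}

# The three rows from the report plus one constructed self-write row that must not fire.
SAMPLE_RECORDS = """\
PID 2060 wrote to memory of 3708 2060 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe upnpcont.exe
PID 2060 wrote to memory of 3708 2060 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe upnpcont.exe
PID 2060 wrote to memory of 3708 2060 21633bb2e378d40e3e13b88bf3a7fd397ad1229eab9730cf93fc2cc260fbdd4f.exe upnpcont.exe
PID 3708 wrote to memory of 3708 3708 upnpcont.exe upnpcont.exe
"""

# Deliberately coarse prefix lists, assumed for this example.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")
SYSTEM_PREFIXES = ("c:\\windows\\",)

def parse_records(text: str) -> List[Tuple[int, int, str, str]]:
    """Parse table rows; drop rows whose repeated writer PID does not match."""
    rows = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m or m["src"] != m["src2"]:
            continue
        rows.append((int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return rows

def analyze(text: str, procs: Dict[int, Proc]) -> List[Finding]:
    """Aggregate cross-process writes per (writer, target) and enrich from the process list."""
    findings = []
    for (src, dst, src_img, dst_img), n in sorted(Counter(parse_records(text)).items()):
        if src == dst:
            continue  # a process writing its own memory is not injection
        w, t = procs.get(src), procs.get(dst)
        findings.append(Finding(
            writer=src, target=dst, writer_image=src_img, target_image=dst_img, writes=n,
            target_is_child=bool(t and t.parent == src),
            writer_user_writable=bool(w and w.path.lower().startswith(USER_WRITABLE_PREFIXES)),
            target_system_image=bool(t and t.path.lower().startswith(SYSTEM_PREFIXES)),
        ))
    return findings

def spawn_and_inject(findings: List[Finding]) -> List[Finding]:
    """Keep only writes from a user-writable path into a system binary the writer spawned."""
    return [f for f in findings
            if f.target_is_child and f.writer_user_writable and f.target_system_image]

if __name__ == "__main__":
    for f in spawn_and_inject(analyze(SAMPLE_RECORDS, SAMPLE_PROCESSES)):
        print(f"{f.writer_image} (PID {f.writer}) wrote {f.writes}x into spawned "
              f"{f.target_image} (PID {f.target})")
```

Run against the rows above, the three report IoCs collapse into one finding (2060 wrote into its child 3708 three times) and the constructed self-write row is ignored. Outside a sandbox the process list would come from the sandbox's own process tree export or from EDR telemetry; the child-relationship check is what separates this spawn-and-inject pattern from injection into an unrelated, already-running process, which needs a different rule.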