Analysis
-
max time kernel
133s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
17-03-2022 16:19
Behavioral task
behavioral1
Sample
tool.exe
Resource
win10v2004-en-20220113
0 signatures
0 seconds
General
-
Target
tool.exe
-
Size
366KB
-
MD5
518d125bb64a8f8dc8b94054daf5e6df
-
SHA1
549735f585590452985451faf8ab1e6f22903abf
-
SHA256
950008035d225dd5f4c3a229082f1206eb9bce8c4aa4822b130db065da54e224
-
SHA512
59ba254d3f7a37a760d709807de28b1b99bb0f92304e2177e67c30ca24b7fc4428608d392513706e663a49449f065c3719e318ddc7752d414441fe2895b1cb89
Score
10/10
Malware Config
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
CobaltStrike 2 IoCs
Processes:
resource yara_rule behavioral1/memory/2608-132-0x0000000002120000-0x0000000002153000-memory.dmp CobaltStrike behavioral1/memory/2608-133-0x00000000024E0000-0x000000000251D000-memory.dmp CobaltStrike
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2608-130-0x0000000002080000-0x00000000020C7000-memory.dmpFilesize
284KB
-
memory/2608-131-0x0000000000400000-0x000000000045E000-memory.dmpFilesize
376KB
-
memory/2608-132-0x0000000002120000-0x0000000002153000-memory.dmpFilesize
204KB
-
memory/2608-133-0x00000000024E0000-0x000000000251D000-memory.dmpFilesize
244KB