Analysis
- max time kernel: 123s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 04-07-2022 00:04
Static task: static1
Behavioral task: behavioral1
- Sample: e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe
- Resource: win10v2004-20220414-en
General
- Target: e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe
- Size: 252KB
- MD5: ba170b8e67894178b768b38bce05bfb5
- SHA1: c0cd01af7e9876f060b292cc595894705dbb2ff7
- SHA256: e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e
- SHA512: 81a1b0c7a6596761ab106c390df9dc182aa0a6454198ed9c473c9b443514c0c1ab9c3f23d03ce51aac4c609ceaa2f8325e5208ad014e9dd8d62fd4406b0f85ba
Malware Config
Extracted
- cobaltstrike
- 0
- watermark: 0
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- suricata: ET MALWARE Cobalt Strike Beacon Observed
- suricata: ET MALWARE Successful Cobalt Strike Shellcode Download (x64) M1
- Executes dropped EXE (1 IoCs)
  Processes (pid / process):
  4572 | winsver.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes (description / pid / process / target process):
  PID 2672 wrote to memory of 4572 | 2672 | e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe | winsver.exe
  PID 2672 wrote to memory of 4572 | 2672 | e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe | winsver.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Public\winsver.exe (child of 1)
      Command line: "C:\Users\Public\winsver.exe"
      - Executes dropped EXE
Downloads
- C:\Users\Public\winsver.exe
  Filesize: 252KB
  MD5: ba170b8e67894178b768b38bce05bfb5
  SHA1: c0cd01af7e9876f060b292cc595894705dbb2ff7
  SHA256: e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e
  SHA512: 81a1b0c7a6596761ab106c390df9dc182aa0a6454198ed9c473c9b443514c0c1ab9c3f23d03ce51aac4c609ceaa2f8325e5208ad014e9dd8d62fd4406b0f85ba
- memory/4572-130-0x0000000000000000-mapping.dmp
- memory/4572-133-0x000002321A510000-0x000002321A910000-memory.dmp
  Filesize: 4.0MB
- memory/4572-134-0x000002321A910000-0x000002321A95C000-memory.dmp
  Filesize: 304KB