Analysis
max time kernel: 136s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 04-07-2022 04:04
Static task: static1
Behavioral task: behavioral1
Sample: 43522c6bbce95eaf69c538b583dd7fb3ce38613f9839a379878eeb1a9f40439b.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 43522c6bbce95eaf69c538b583dd7fb3ce38613f9839a379878eeb1a9f40439b.exe
Resource: win10v2004-20220414-en
General
Target: 43522c6bbce95eaf69c538b583dd7fb3ce38613f9839a379878eeb1a9f40439b.exe
Size: 26KB
MD5: 2cbc817e44cdf6dffe4af9432ff71d9f
SHA1: 8308214aa1c9a06ddd2223ba7ca8505fc6220703
SHA256: 43522c6bbce95eaf69c538b583dd7fb3ce38613f9839a379878eeb1a9f40439b
SHA512: 685d288348f901eada937cb2c1680b7bef241ad14bcf9da9f4f10fa2f9b073cf01fdd22879f91a861c305137eede7c0629ca153d883c5f73de0b2ff48b64ae11
Malware Config
Extracted
Family: cobaltstrike
C2: http://192.168.127.128:4444/ADwa
user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS) Host: null
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Downloads
memory/4668-130-0x00007FF7C0800000-0x00007FF7C080D000-memory.dmp
Filesize: 52KB