Analysis
max time kernel: 144s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 05-07-2022 13:51
Static task: static1
Behavioral task: behavioral1
Sample: 1585cc8a5c403cc01450df1340d37960.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1585cc8a5c403cc01450df1340d37960.exe
Resource: win10v2004-20220414-en
General
Target: 1585cc8a5c403cc01450df1340d37960.exe
Size: 9KB
MD5: 1585cc8a5c403cc01450df1340d37960
SHA1: dff56cae33d50951b069e6975763efe76612856e
SHA256: 7813f5cf2dec934b3bee4f6317f80e11e015e0598fb73c6cf3d3b666e7b540dd
SHA512: 57ff449893904d194854dacee51af0c9a0b8758980876a23c53f33bccf7518723efcf6f98cb52c6c41e4e920a60a30b2d7f75404cefc36d34066de42176ae027
Malware Config
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
Processes
Network
MITRE ATT&CK Matrix
Downloads