Overview

overview

10

Static

static

1585cc8a5c...60.exe

windows7_x64

10

1585cc8a5c...60.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    05-07-2022 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1585cc8a5c403cc01450df1340d37960.exe

  • Size

    9KB

  • MD5

    1585cc8a5c403cc01450df1340d37960

  • SHA1

    dff56cae33d50951b069e6975763efe76612856e

  • SHA256

    7813f5cf2dec934b3bee4f6317f80e11e015e0598fb73c6cf3d3b666e7b540dd

  • SHA512

    57ff449893904d194854dacee51af0c9a0b8758980876a23c53f33bccf7518723efcf6f98cb52c6c41e4e920a60a30b2d7f75404cefc36d34066de42176ae027

Score
10/10
cobaltstrikebackdoorsuricatatrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)

    suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)

    suricata

Processes

  • C:\Users\Admin\AppData\Local\Temp\1585cc8a5c403cc01450df1340d37960.exe
    "C:\Users\Admin\AppData\Local\Temp\1585cc8a5c403cc01450df1340d37960.exe"
    1⤵
      PID:1108

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1108-130-0x0000000000860000-0x0000000000868000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1108-131-0x0000000005150000-0x000000000517E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/1108-132-0x00000000052B0000-0x00000000052E3000-memory.dmp
      Filesize

      204KB

      Download
    • memory/1108-134-0x0000000005430000-0x0000000005530000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1108-135-0x0000000005530000-0x0000000005585000-memory.dmp
      Filesize

      340KB

      Download
    • memory/1108-136-0x0000000005180000-0x00000000051A0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1108-139-0x0000000000F10000-0x0000000000F2D000-memory.dmp
      Filesize

      116KB

      Download
    • memory/1108-141-0x00000000052B0000-0x00000000052E3000-memory.dmp
      Filesize

      204KB

      Download
    • memory/1108-142-0x0000000005430000-0x0000000005530000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1108-143-0x0000000000F10000-0x0000000000F2D000-memory.dmp
      Filesize

      116KB

      Download