Analysis
- max time kernel: 170s
- max time network: 187s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 08-07-2022 15:28
Static task: static1
Behavioral task: behavioral1
  Sample: 0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
  Resource: win10v2004-20220414-en
General
- Target: 0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
- Size: 5.4MB
- MD5: 8cfd9915935fdf0f11707009b4655116
- SHA1: 519548aa2ca8a1f91206228391601af616239aef
- SHA256: 0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450
- SHA512: 26088521ab9b5d1835943b85407b4882469e69a6643e348bde3b0266135f3653a87784f87c87f787cb358a0beb70501cad93d4cff3a0398e6c7dccd75fe219bf
Malware Config
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- Suspicious use of NtSetInformationThreadHideFromDebugger (33 IoCs)
  Processes: pid 1664, 0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe (the same process is listed for each of the 33 IoCs)
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes: pid 1664, 0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe"
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/1664-54-0x0000000075721000-0x0000000075723000-memory.dmp (Filesize: 8KB)
- memory/1664-55-0x0000000000400000-0x0000000000D31000-memory.dmp (Filesize: 9.2MB)
- memory/1664-56-0x0000000000400000-0x0000000000D31000-memory.dmp (Filesize: 9.2MB)
- memory/1664-57-0x0000000000400000-0x0000000000D31000-memory.dmp (Filesize: 9.2MB)
- memory/1664-58-0x0000000000EC0000-0x0000000000EF1000-memory.dmp (Filesize: 196KB)
- memory/1664-59-0x0000000000D40000-0x0000000000E40000-memory.dmp (Filesize: 1024KB)
- memory/1664-60-0x0000000000D40000-0x0000000000E40000-memory.dmp (Filesize: 1024KB)