Analysis
-
max time kernel
148s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
08-07-2022 15:28
General
-
Target
0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
-
Size
5.4MB
-
MD5
8cfd9915935fdf0f11707009b4655116
-
SHA1
519548aa2ca8a1f91206228391601af616239aef
-
SHA256
0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450
-
SHA512
26088521ab9b5d1835943b85407b4882469e69a6643e348bde3b0266135f3653a87784f87c87f787cb358a0beb70501cad93d4cff3a0398e6c7dccd75fe219bf
Score
10/10
Malware Config
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe"C:\Users\Admin\AppData\Local\Temp\0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2128-130-0x0000000000400000-0x0000000000D31000-memory.dmpFilesize
9.2MB
-
memory/2128-131-0x0000000000400000-0x0000000000D31000-memory.dmpFilesize
9.2MB
-
memory/2128-132-0x0000000000400000-0x0000000000D31000-memory.dmpFilesize
9.2MB
-
memory/2128-133-0x0000000000400000-0x0000000000D31000-memory.dmpFilesize
9.2MB
-
memory/2128-135-0x0000000002F60000-0x0000000002F91000-memory.dmpFilesize
196KB
-
memory/2128-134-0x00000000032C0000-0x00000000033C0000-memory.dmpFilesize
1024KB