Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-07-2022 15:28

General

  • Target
    0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
  • Size
    5.4MB
  • MD5
    8cfd9915935fdf0f11707009b4655116
  • SHA1
    519548aa2ca8a1f91206228391601af616239aef
  • SHA256
    0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450
  • SHA512
    26088521ab9b5d1835943b85407b4882469e69a6643e348bde3b0266135f3653a87784f87c87f787cb358a0beb70501cad93d4cff3a0398e6c7dccd75fe219bf

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe
    "C:\Users\Admin\AppData\Local\Temp\0da0debbfe04ac2e6623c27ff49aee7b86676e4f4a186d69329159f0190c7450.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2128

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2128-130-0x0000000000400000-0x0000000000D31000-memory.dmp
    Filesize: 9.2MB
  • memory/2128-131-0x0000000000400000-0x0000000000D31000-memory.dmp
    Filesize: 9.2MB
  • memory/2128-132-0x0000000000400000-0x0000000000D31000-memory.dmp
    Filesize: 9.2MB
  • memory/2128-133-0x0000000000400000-0x0000000000D31000-memory.dmp
    Filesize: 9.2MB
  • memory/2128-135-0x0000000002F60000-0x0000000002F91000-memory.dmp
    Filesize: 196KB
  • memory/2128-134-0x00000000032C0000-0x00000000033C0000-memory.dmp
    Filesize: 1024KB