Analysis
-
max time kernel
76s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
27-11-2022 07:48
General
-
Target
fa64636aa48efbc1f7d11c6260659dcccc7f03f470cf707b0b22c6cf886a5b8b.exe
-
Size
573KB
-
MD5
0b3cfd42197026ee794af8a66cf659ba
-
SHA1
5a997f2de9f601d771ec6f7a5139db0056c6200a
-
SHA256
fa64636aa48efbc1f7d11c6260659dcccc7f03f470cf707b0b22c6cf886a5b8b
-
SHA512
2fd5cbf3a2b53f224ab1688d60db362c3245d88e8f26c1446c9040176736a23fff14877a237ae4efcdd491f0386a199385902784012e9f80cea7775b207fa5ac
-
SSDEEP
12288:cp+dMXX7vf0ksiZMLq0CddLlqnK7B0zc14/nURBFAswCXPXGA61A6:3MX7fjooLl8kMi4/URBvPj63
Score
10/10
Malware Config
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fa64636aa48efbc1f7d11c6260659dcccc7f03f470cf707b0b22c6cf886a5b8b.exe"C:\Users\Admin\AppData\Local\Temp\fa64636aa48efbc1f7d11c6260659dcccc7f03f470cf707b0b22c6cf886a5b8b.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1708-54-0x0000000076121000-0x0000000076123000-memory.dmpFilesize
8KB
-
memory/1708-55-0x0000000002310000-0x0000000002340000-memory.dmpFilesize
192KB
-
memory/1708-56-0x0000000000400000-0x0000000000494000-memory.dmpFilesize
592KB
-
memory/1708-58-0x0000000000400000-0x0000000000494000-memory.dmpFilesize
592KB
-
memory/1708-59-0x0000000000400000-0x0000000000494000-memory.dmpFilesize
592KB