Overview

overview

10

Static

static

8

42eeb032ee...47.exe

windows7-x64

10

42eeb032ee...47.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42eeb032eed8b27965b7fc971b1fd490310fc85fb5be3138675200075824e547.exe

  • Size

    1.3MB

  • MD5

    14aaa215e9b3c1e00fe200579b62096f

  • SHA1

    ea7a115dbe99b2866dce2b4b528b42935b1ac0df

  • SHA256

    42eeb032eed8b27965b7fc971b1fd490310fc85fb5be3138675200075824e547

  • SHA512

    ae7ce435d31ead38001f3e990e3625955dfd9e6ed95e5d273fe22ddc3a92e582eea4432a78ffe1204e053ad04a1d0fa9c82480d37b0628afe627715c91ab5b6c

  • SSDEEP

    24576:Uh5B4Gr+VacW7lICFGOuDv3bGEIzUfhIlyZxI:U7B7EzWP+3bSwXI

Score
10/10
cobaltstrikebackdoortrojanupx

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42eeb032eed8b27965b7fc971b1fd490310fc85fb5be3138675200075824e547.exe
    "C:\Users\Admin\AppData\Local\Temp\42eeb032eed8b27965b7fc971b1fd490310fc85fb5be3138675200075824e547.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1140
    • C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      2⤵
        PID:320

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/320-56-0x0000000000060000-0x00000000000A1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/320-58-0x0000000000060000-0x00000000000A1000-memory.dmp

      Filesize

      260KB

      Download

    • memory/320-59-0x0000000000000000-mapping.dmp

      Download

    • memory/320-60-0x000007FEFBD91000-0x000007FEFBD93000-memory.dmp

      Filesize

      8KB

      Download

    • memory/320-62-0x0000000001C30000-0x00000000020A2000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1140-54-0x0000000001140000-0x0000000001437000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/1140-55-0x0000000001140000-0x0000000001437000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/1140-61-0x0000000001140000-0x0000000001437000-memory.dmp

      Filesize

      3.0MB

      Download