Analysis
max time kernel: 32s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 02-12-2022 09:03
Static task: static1
Behavioral task: behavioral1
Sample: payload.dll
Resource: win7-20221111-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: payload.dll
Resource: win10v2004-20220901-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: payload.dll
Size: 652KB
MD5: a07d575b289ed3a80357c789fa485f14
SHA1: 048acf120fa7a468a0275212b0a1f32ab8e441c2
SHA256: 5c09c4175f49c749bf225f84236538086f5b9f1ad8522531fca34739246e4ad9
SHA512: 15ef8e78e87dcea54f104f1ee1f005f78343a9b1e0ea941b421e3183da5136c6f158f05961b3016ed8fe485abac9fbfabc6e496a7e791913c672ef03839f842c
SSDEEP: 12288:sRcFR26XFHnPGvjihyc3EdnDzxT0hyDEUiKVTOg4KOrrRSGCMNNlwd:sRMBnPGvjih50nDFTXOKV6WsRSqwd
Malware Config
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
FlawedGraceRAT: FlawedGrace is a full-featured RAT written in C++.
resource: behavioral1/memory/1888-57-0x0000000001C00000-0x0000000001CA1000-memory.dmp, yara_rule: flawgrace_loader_x64
resource: behavioral1/memory/1888-58-0x0000000001C00000-0x0000000001CA1000-memory.dmp, yara_rule: flawgrace_loader_x64