Analysis
- max time kernel: 44s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 03-12-2022 05:32
Static task: static1
Behavioral task: behavioral1
- Sample: c498eb9ed0920a8f50c36a679bd22799b0797c73aad1df3a8ba43a013a7c6170.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: c498eb9ed0920a8f50c36a679bd22799b0797c73aad1df3a8ba43a013a7c6170.exe
- Resource: win10v2004-20221111-en
General
- Target: c498eb9ed0920a8f50c36a679bd22799b0797c73aad1df3a8ba43a013a7c6170.exe
- Size: 76KB
- MD5: b894b9f82c09d031790f80179d503774
- SHA1: 4a1cc069c04d4e4a8d14b184dbdde95831733174
- SHA256: c498eb9ed0920a8f50c36a679bd22799b0797c73aad1df3a8ba43a013a7c6170
- SHA512: 81e37fce2753ab37dc23e3d1e4d41bf4ae9cc0c8ecc1755930cab20a18a5bd03340e166029fc1cb6c440bb681438c8bc6ab1627eb82c382808f41bc65813c5e3
- SSDEEP: 1536:S+won4kn8DkWEUcA6v0za1xWvE35hIjhwXy+edvAZqK8:S+bZWEUcAhhE30+WXL
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
  pid   process
  1348  c498eb9ed0920a8f50c36a679bd22799b0797c73aad1df3a8ba43a013a7c6170.exe
  1348  c498eb9ed0920a8f50c36a679bd22799b0797c73aad1df3a8ba43a013a7c6170.exe
Downloads
- memory/1348-54-0x0000000075601000-0x0000000075603000-memory.dmp (Filesize: 8KB)
- memory/1348-55-0x0000000000340000-0x0000000000348000-memory.dmp (Filesize: 32KB)
- memory/1348-59-0x0000000000400000-0x0000000000413000-memory.dmp (Filesize: 76KB)
- memory/1348-60-0x0000000000400000-0x0000000000413000-memory.dmp (Filesize: 76KB)