Analysis
max time kernel: 190s
max time network: 196s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-12-2022 01:41
Static task: static1
Behavioral task: behavioral1
Sample: ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe
Resource: win10v2004-20221111-en
General
Target: ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe
Size: 88KB
MD5: 03196991d426d133181b1af47d96b3b0
SHA1: 0d5c478d807e0de3baa44188cfc21fb517413cf8
SHA256: ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d
SHA512: f018d098eb7708c28b2d8acfbd9bc733e43e82ea99d23583b4320f5e623cb4f3ea1c11dc207acecba4e2ea4a12c855ed1caf26deaff5e70bff571ccd946b5ada
SSDEEP: 768:h9nP7bGZekdywm2vuKU2nqnM4RBzOemcgk2xHvuD+kDOMoIVSPV/B+yvPj6oO0Sg:nzaZbyk/UsqM2OeufHvuD+BSSPr7
Malware Config
Signatures
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe
pid process
4956 ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe
4956 ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe