Overview

overview

10

Static

static

ef6d96e926...2d.exe

windows7-x64

10

ef6d96e926...2d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    190s
  • max time network
    196s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe

  • Size

    88KB

  • MD5

    03196991d426d133181b1af47d96b3b0

  • SHA1

    0d5c478d807e0de3baa44188cfc21fb517413cf8

  • SHA256

    ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d

  • SHA512

    f018d098eb7708c28b2d8acfbd9bc733e43e82ea99d23583b4320f5e623cb4f3ea1c11dc207acecba4e2ea4a12c855ed1caf26deaff5e70bff571ccd946b5ada

  • SSDEEP

    768:h9nP7bGZekdywm2vuKU2nqnM4RBzOemcgk2xHvuD+kDOMoIVSPV/B+yvPj6oO0Sg:nzaZbyk/UsqM2OeufHvuD+BSSPr7

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe
    "C:\Users\Admin\AppData\Local\Temp\ef6d96e926b5ef9a6f7f0959f83c3b9a1655677969307c4823a0385ae6c0622d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4956-132-0x0000000002210000-0x0000000002218000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4956-136-0x0000000000400000-0x0000000000416000-memory.dmp
    Filesize

    88KB

    Download
  • memory/4956-137-0x0000000000400000-0x0000000000416000-memory.dmp
    Filesize

    88KB

    Download