General
-
Target
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
-
Size
360KB
-
Sample
221208-k99jjace2w
-
MD5
344d455e11aa6eda85d16e94159eaecc
-
SHA1
d45d68e70f4558593ab4c577ef6366e3922ea215
-
SHA256
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
-
SHA512
860c0b3708ae6c324f4ea0fb46448c2cbfaf28758842fabd355c607ebde9cd041fff358b5dad4358c8b49b091a648ce76d7d16afa50d1b3304cf923decdb99f1
-
SSDEEP
6144:lkAWeL8yVhg7XElCu95nLPomKlLV7Gn+srTQ/R0JRhthPhwslKa+chY4knG8qad:geLzVzCyLdKlLV5mTQmlthJlKa+2knGi
Static task
static1
Behavioral task
behavioral1
Sample
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0.dll
Resource
win10v2004-20220901-en
Malware Config
Extracted
cobaltstrike
1700806454
http://tileservice-weather.azureedge.net:443/en-au/livetile/front/
-
access_type
512
-
beacon_type
2048
-
host
tileservice-weather.azureedge.net,/en-au/livetile/front/
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
17920
-
polling_time
3.6e+06
-
port_number
443
-
sc_process32
%windir%\syswow64\conhost.exe
-
sc_process64
%windir%\sysnative\conhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAJPF/mZit4nxvjWHmmU6yFh3uXFdS2ugK0W2z1i9ozrCTebMdOHPvdNUu+hIXXNSyf9WKfhXnJ00QnHTcMr9G3H475JXWflnmOOgJFOh70Zgr9WSxtnCBt2uYIjJ1oe4Xv0Zwft/jqpZsOl1M8m+wk4bCB+11Yz1tx7HaD4INdwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.187728128e+09
-
unknown2
AAAABAAAAAEAAAVkAAAAAgAAC8gAAAANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/en-CA/livetile/preinstall
-
user_agent
Microsoft-WebDAV-MiniRedir/10.0.19042
-
watermark
1700806454
Targets
-
-
Target
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
-
Size
360KB
-
MD5
344d455e11aa6eda85d16e94159eaecc
-
SHA1
d45d68e70f4558593ab4c577ef6366e3922ea215
-
SHA256
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
-
SHA512
860c0b3708ae6c324f4ea0fb46448c2cbfaf28758842fabd355c607ebde9cd041fff358b5dad4358c8b49b091a648ce76d7d16afa50d1b3304cf923decdb99f1
-
SSDEEP
6144:lkAWeL8yVhg7XElCu95nLPomKlLV7Gn+srTQ/R0JRhthPhwslKa+chY4knG8qad:geLzVzCyLdKlLV5mTQmlthJlKa+2knGi
Score 10/10