Analysis
-
max time kernel
213s -
max time network
336s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
08-12-2022 09:19
General
-
Target
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0.dll
-
Size
360KB
-
MD5
344d455e11aa6eda85d16e94159eaecc
-
SHA1
d45d68e70f4558593ab4c577ef6366e3922ea215
-
SHA256
6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0
-
SHA512
860c0b3708ae6c324f4ea0fb46448c2cbfaf28758842fabd355c607ebde9cd041fff358b5dad4358c8b49b091a648ce76d7d16afa50d1b3304cf923decdb99f1
-
SSDEEP
6144:lkAWeL8yVhg7XElCu95nLPomKlLV7Gn+srTQ/R0JRhthPhwslKa+chY4knG8qad:geLzVzCyLdKlLV5mTQmlthJlKa+2knGi
Malware Config
Extracted
cobaltstrike
1700806454
http://tileservice-weather.azureedge.net:443/en-au/livetile/front/
-
access_type
512
-
beacon_type
2048
-
host
tileservice-weather.azureedge.net,/en-au/livetile/front/
-
http_header1
AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAABhDYWNoZS1Db250cm9sOiBtYXgtYWdlPTAAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAQAAAAJ0hvc3Q6IHRpbGVzZXJ2aWNlLXdlYXRoZXIuYXp1cmVlZGdlLm5ldAAAAAoAAAAyT3JpZ2luOiBodHRwczovL3RpbGUtc2VydmljZS13ZWF0aGVyLmF6dXJlZWRnZS5uZXQAAAAKAAAANFJlZmVyZXI6IGh0dHBzOi8vdGlsZS1zZXJ2aWNlLndlYXRoZXIubWljcm9zb2Z0LmNvbS8AAAAHAAAAAAAAAA0AAAABAAAADC80NS40MCw3Mi43MwAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAFJBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44AAAACgAAABhDYWNoZS1Db250cm9sOiBtYXgtYWdlPTAAAAAKAAAAFkNvbm5lY3Rpb246IGtlZXAtYWxpdmUAAAAQAAAAJ0hvc3Q6IHRpbGVzZXJ2aWNlLXdlYXRoZXIuYXp1cmVlZGdlLm5ldAAAAAoAAAAyT3JpZ2luOiBodHRwczovL3RpbGUtc2VydmljZS13ZWF0aGVyLmF6dXJlZWRnZS5uZXQAAAAKAAAANFJlZmVyZXI6IGh0dHBzOi8vdGlsZS1zZXJ2aWNlLndlYXRoZXIubWljcm9zb2Z0LmNvbS8AAAAJAAAACXJlZ2lvbj1DQQAAAAcAAAAAAAAADQAAAAUAAAAFYXBwaWQAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
17920
-
polling_time
3.6e+06
-
port_number
443
-
sc_process32
%windir%\syswow64\conhost.exe
-
sc_process64
%windir%\sysnative\conhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAJPF/mZit4nxvjWHmmU6yFh3uXFdS2ugK0W2z1i9ozrCTebMdOHPvdNUu+hIXXNSyf9WKfhXnJ00QnHTcMr9G3H475JXWflnmOOgJFOh70Zgr9WSxtnCBt2uYIjJ1oe4Xv0Zwft/jqpZsOl1M8m+wk4bCB+11Yz1tx7HaD4INdwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
2.187728128e+09
-
unknown2
AAAABAAAAAEAAAVkAAAAAgAAC8gAAAANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/en-CA/livetile/preinstall
-
user_agent
Microsoft-WebDAV-MiniRedir/10.0.19042
-
watermark
1700806454
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6c328aa7e0903702358de31a388026652e82920109e7d34bb25acdc88f07a5e0.dll,#11⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1892-54-0x0000000001DF0000-0x0000000002262000-memory.dmpFilesize
4.4MB
-
memory/1892-55-0x00000000002E0000-0x0000000000321000-memory.dmpFilesize
260KB
-
memory/1892-56-0x00000000002E0000-0x0000000000321000-memory.dmpFilesize
260KB
-
memory/1892-57-0x0000000001DF0000-0x0000000002262000-memory.dmpFilesize
4.4MB