Analysis
-
max time kernel
35s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system -
submitted
08-12-2022 08:55
Static task
static1
Behavioral task
behavioral1
Sample
goopdate.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
goopdate.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
goopdate.dll
-
Size
10.3MB
-
MD5
b29e90e9e588a4dceeeb937def15044e
-
SHA1
58ca25295d98c2ee1a4d71c7ec7177284b7d3fc3
-
SHA256
e156869a450daa69fd996dffe2bae267ad9b7e003adf11fe9722c3de73abf2d1
-
SHA512
99d65aba480381fe9ced19029e06d11f55ec4ee61b91c9f879798113f20c96cac1a8c20dfa6f9ab8d1f0be8d2ec9a1e987106d6948c676ee4cf4ced3391dbece
-
SSDEEP
196608:huWWWYWBWWW3W2WwWeW7WbWRWUWdWpW2WEWVWkWeW:huWWWYWBWWW3W2WwWeW7WbWRWUWdWpWU
Score
10/10
Malware Config
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes (rundll32.exe; columns: description | pid | process | target process):
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
- PID 1644 wrote to memory of 1736 | 1644 | rundll32.exe | rundll32.exe
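The seven IoC rows above all describe the same thing: one rundll32.exe process (PID 1644) writing into the memory of a second rundll32.exe process (PID 1736) it spawned, which is the spawn-and-inject pattern a Cobalt Strike DLL typically uses to get its beacon out of the loader process. The following Python is an added example, not part of the sandbox report or of any vendor tooling: it parses rows in the flattened form shown above, keeps only writes that cross a process boundary, and flags the parent/child-share-an-image and LOLBin-host cases. The row format is taken from the report; the benign explorer.exe row, the `LOLBIN_HOSTS` list and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the seven rows from the report's
# "Suspicious use of WriteProcessMemory" signature, exactly as the sandbox
# flattens them (description, pid, process, target process), plus one
# made-up row in which a process writes into its own address space so the
# cross-process filter has something to discard.
SAMPLE_ROWS = [
    "PID 1644 wrote to memory of 1736 1644 rundll32.exe rundll32.exe",
] * 7 + [
    "PID 1200 wrote to memory of 1200 1200 explorer.exe explorer.exe",  # constructed
]

ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<proc>\S+) (?P<target>\S+)"
)

# Assumption: a short illustrative list of script/DLL host binaries that are
# common injection sources; a real detection would use a fuller list.
LOLBIN_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}


def parse_rows(rows):
    """Turn flattened IoC rows into structured events; unparseable rows are skipped."""
    events = []
    for row in rows:
        m = ROW_RE.fullmatch(row.strip())
        if not m:
            continue
        events.append({
            "source_pid": int(m["src"]),
            "target_pid": int(m["dst"]),
            "source_image": m["proc"],
            "target_image": m["target"],
        })
    return events


def cross_process_writes(events):
    """Count WriteProcessMemory calls whose source PID differs from the target PID.

    Returns {(source_pid, target_pid, source_image, target_image): count}.
    """
    counts = Counter()
    for e in events:
        if e["source_pid"] != e["target_pid"]:
            key = (e["source_pid"], e["target_pid"], e["source_image"], e["target_image"])
            counts[key] += 1
    return counts


def flag(events):
    """Attach human-readable reasons to each cross-process writer."""
    findings = []
    for (src, dst, simg, timg), n in cross_process_writes(events).items():
        reasons = []
        if simg.lower() in LOLBIN_HOSTS:
            reasons.append("source is a script/DLL host binary")
        if simg.lower() == timg.lower():
            reasons.append("source and target share an image name (spawn-and-inject)")
        findings.append({"source_pid": src, "target_pid": dst, "writes": n, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag(parse_rows(SAMPLE_ROWS)):
        print(f)
```

The self-write row is dropped by `cross_process_writes`, and the seven report rows collapse into a single finding with a write count of 7, which is the number the signature header reports.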
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1736-54-0x0000000000000000-mapping.dmp
- memory/1736-55-0x0000000075E51000-0x0000000075E53000-memory.dmp (filesize 8KB)
- memory/1736-56-0x0000000000230000-0x0000000000262000-memory.dmp (filesize 200KB)
- memory/1736-57-0x00000000002B0000-0x00000000002F1000-memory.dmp (filesize 260KB)
- memory/1736-58-0x00000000002B0000-0x00000000002F1000-memory.dmp (filesize 260KB)
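The dump file names encode the PID and the virtual address range that was captured, so the reported file sizes can be cross-checked against the range, and the two captures of 0x2B0000-0x2F1000 in PID 1736 can be recognised as the same region taken twice. The following Python is an added example, not part of the sandbox report or of any vendor tooling; it parses names in the form listed above and checks size, page alignment and repeat captures. The file names and sizes are the report's; the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: the dump entries from the report's Downloads section as
# (name, reported size). The mapping.dmp entry carries no size on the page.
DUMPS = [
    ("memory/1736-54-0x0000000000000000-mapping.dmp", None),
    ("memory/1736-55-0x0000000075E51000-0x0000000075E53000-memory.dmp", "8KB"),
    ("memory/1736-56-0x0000000000230000-0x0000000000262000-memory.dmp", "200KB"),
    ("memory/1736-57-0x00000000002B0000-0x00000000002F1000-memory.dmp", "260KB"),
    ("memory/1736-58-0x00000000002B0000-0x00000000002F1000-memory.dmp", "260KB"),
]

NAME_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def size_to_bytes(text):
    """Convert a size such as '8KB' or '1.5MB' into bytes using binary units."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    mult = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}[m[2].upper()]
    return int(float(m[1]) * mult)


def parse_dump_name(name):
    """Extract pid, capture index and address range from a memory.dmp name, or None."""
    m = NAME_RE.fullmatch(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def check_dumps(dumps):
    """For each entry: does the reported size match the range, is the range
    page-aligned, and how many times has this exact range been captured so far."""
    results = []
    seen = Counter()
    for name, reported in dumps:
        info = parse_dump_name(name)
        if info is None:
            results.append({"name": name, "parsed": False})
            continue
        seen[(info["pid"], info["start"], info["end"])] += 1
        results.append({
            "name": name,
            "parsed": True,
            "pid": info["pid"],
            "start": info["start"],
            "end": info["end"],
            "size": info["size"],
            "size_matches": reported is not None and size_to_bytes(reported) == info["size"],
            "page_aligned": info["start"] % 0x1000 == 0 and info["end"] % 0x1000 == 0,
            "capture_of_same_range": seen[(info["pid"], info["start"], info["end"])],
        })
    return results


if __name__ == "__main__":
    for r in check_dumps(DUMPS):
        print(r)
```

All four memory.dmp sizes on the page agree with their address ranges (0x2000, 0x32000 and 0x41000 bytes), every range is 4KB-aligned, and the last entry is reported as the second capture of the same 0x2B0000-0x2F1000 region in PID 1736, which is worth diffing against the first when looking for the decoded beacon.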