Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
13-03-2023 07:25
Static task
static1
Behavioral task
behavioral1
Sample
80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527.exe
Resource
win10v2004-20230221-en
General
-
Target
80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527.exe
-
Size
4.8MB
-
MD5
c255948ecb902d611243ccdeaca8d1c1
-
SHA1
c789f25130cc12f8440bc0ae6661ebed6e148f7e
-
SHA256
80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527
-
SHA512
b65e623be343c0d0f8eaa882a3a74d1ee99da8d150dda23871e77c53d12c9a1cf87801cbe2ee777957b734361a464bfe36268fc0125ca10702260ac29bd34281
-
SSDEEP
98304:FTUJLVxn6gC9eBOnV0Tp6v2GgM7PlNpwqP9VNaPw+UAM0jyIO3olinm:q/h6gtBOV0Tp6v2Gd7PKqPAYXKnQnm
Malware Config
Extracted
cobaltstrike
http://38.54.101.225:1122/y94w
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; XBLWP7; ZuneWP7)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527.exepid process 2840 80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527.exe 2840 80e11a2e073d5b9167f256ea2131d606454196d6b776f03688153fed4b93b527.exe