Analysis
-
max time kernel
151s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
21-03-2023 14:33
Static task
static1
Behavioral task
behavioral1
Sample
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
Resource
win10v2004-20230220-en
General
-
Target
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d.exe
-
Size
319KB
-
MD5
d438f4f0cd9de5f51b8ff401e51d7fae
-
SHA1
fa92e51cace0da018119a3f95e0648e6e33f288e
-
SHA256
04193e2b9a24c7c63914d71bbff1ca8612b089750a5645caa6c143fc0a1c376d
-
SHA512
47d03bc3b27754af305e16dad163fa8cf49ad232547fc350a01cc73037b2403dce73b92e24e72e78c7141771d58f78873ad3c375522ac03c6691fd018fd54615
-
SSDEEP
6144:6HwGL86EIUdKVy9Dwxdms4yAzFaFdtkBYYYYwYYYYYYYYYYYYYYYvPAYYzEKUo01:Cwv6NU3qopVYdm5t3
Malware Config
Extracted
cobaltstrike
1530709612
http://10.10.5.39:443/___utm.gif
http://10.10.5.246:443/___utm.gif
-
access_type
512
-
beacon_type
2048
-
host
10.10.5.39,/___utm.gif,10.10.5.246,/___utm.gif
-
http_method1
GET
-
http_method2
GET
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYRk7aiOwUEkTn6tyrUx6KT1EYovdepy7UKvbsWSeToWgfuSGybTrHa3ZUO9IXmi3gQkQqzGBSHXE8S59bLI+X+TNcAS1jEYPnHueMYo5Gdkguj3sxQn/a4OyN7Oc58rNvYD2bRBpuri3wEBarONFz5cKNYjeaH7+N3YgmuYskwQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
671092736
-
unknown2
AAAABAAAAAIAAAAPAAAAAgAAAA8AAAACAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown3
1610612736
-
uri
/__utm.gif
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
-
watermark
1530709612
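The extracted config above is directly usable as detection input. The following is an added example (not part of the sandbox report or any vendor tooling): it copies the C2 hosts, port, URI, user agent and polling_time from the config and runs them over a few constructed proxy log lines, reporting exact indicator matches per request and flagging clients whose request cadence to a C2 host sits near the configured 5000 ms sleep. The log line layout and the sample lines are assumptions made for the example.

```python
"""Detection logic derived from the extracted Cobalt Strike beacon config.

Added example, not part of the sandbox report. Indicators are copied from
the config above; the proxy log format and the sample records are
constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Indicators copied from the extracted config.
C2_HOSTS = {"10.10.5.39", "10.10.5.246"}
C2_PORT = 443
C2_URIS = {"/__utm.gif", "/___utm.gif"}  # both spellings occur in the extraction
C2_USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko"
POLLING_MS = 5000

# Assumed proxy log line layout (constructed for this example):
#   <ISO-8601 time> <client ip> <method> <scheme>://<host>:<port><path> "<user agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) '
    r'(?P<scheme>https?)://(?P<host>[^:/\s]+):(?P<port>\d+)(?P<path>\S*) "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one client polling a C2 host every 5 s, one benign
# request, one one-off hit on the second C2 address, one unparseable line.
SAMPLE_LOG = [
    f'2023-03-21T14:40:00 10.0.0.15 GET http://10.10.5.39:443/__utm.gif "{C2_USER_AGENT}"',
    '2023-03-21T14:40:02 10.0.0.22 GET https://www.example.com:443/index.html "Mozilla/5.0 (X11; Linux x86_64) Firefox/110.0"',
    f'2023-03-21T14:40:05 10.0.0.15 GET http://10.10.5.39:443/__utm.gif "{C2_USER_AGENT}"',
    '2023-03-21T14:40:07 10.0.0.22 GET http://10.10.5.246:443/___utm.gif "curl/7.88.1"',
    f'2023-03-21T14:40:10 10.0.0.15 GET http://10.10.5.39:443/__utm.gif "{C2_USER_AGENT}"',
    'this line is not a proxy record',
    f'2023-03-21T14:40:15 10.0.0.15 GET http://10.10.5.39:443/__utm.gif "{C2_USER_AGENT}"',
    f'2023-03-21T14:40:20 10.0.0.15 GET http://10.10.5.39:443/__utm.gif "{C2_USER_AGENT}"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    event["port"] = int(event["port"])
    return event


def ioc_hits(event):
    """Names of the config fields this request matches (empty list if none)."""
    hits = []
    if event["host"] in C2_HOSTS and event["port"] == C2_PORT:
        hits.append("host")
    if event["method"] == "GET" and event["path"] in C2_URIS:
        hits.append("uri")
    if event["ua"] == C2_USER_AGENT:
        hits.append("user_agent")
    return hits


def beaconing_clients(events, polling_ms=POLLING_MS, tolerance=0.5, min_requests=4):
    """Flag (client, host) pairs whose median gap between requests to a C2
    host lies within +/- tolerance * polling_ms. Beacon jitter only shortens
    the sleep, so a generous tolerance keeps jittered beacons in scope.
    Returns (client, host, median_gap_ms, request_count) tuples."""
    by_pair = defaultdict(list)
    for e in events:
        if e["host"] in C2_HOSTS:
            by_pair[(e["client"], e["host"])].append(e["ts"])
    flagged = []
    for (client, host), times in sorted(by_pair.items()):
        if len(times) < min_requests:
            continue
        times.sort()
        gaps_ms = [(b - a).total_seconds() * 1000 for a, b in zip(times, times[1:])]
        med = median(gaps_ms)
        if abs(med - polling_ms) <= tolerance * polling_ms:
            flagged.append((client, host, med, len(times)))
    return flagged


def analyze(lines):
    """Run both checks; returns (per-request IOC hits, beaconing pairs)."""
    events = [e for e in map(parse_line, lines) if e is not None]
    hits = [(e["client"], e["host"], tuple(ioc_hits(e))) for e in events if ioc_hits(e)]
    return hits, beaconing_clients(events)


if __name__ == "__main__":
    hits, beacons = analyze(SAMPLE_LOG)
    for client, host, fields in hits:
        print(f"IOC    {client} -> {host} matched {', '.join(fields)}")
    for client, host, med, n in beacons:
        print(f"BEACON {client} -> {host}: {n} requests, median gap {med:.0f} ms")
```

The one-off request from 10.0.0.22 to 10.10.5.246 matches the host and URI indicators but is not flagged as beaconing, since a single request has no cadence; the exact-match checks and the periodicity check are deliberately kept separate so that an analyst can tune the tolerance for a jittered beacon without weakening the indicator matching.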
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2024-54-0x0000000000560000-0x00000000005A1000-memory.dmp
Filesize
260KB
-
memory/2024-55-0x00000000007E0000-0x000000000082F000-memory.dmp
Filesize
316KB
-
memory/2024-56-0x0000000000400000-0x0000000000457000-memory.dmp
Filesize
348KB
-
memory/2024-57-0x00000000007E0000-0x000000000082F000-memory.dmp
Filesize
316KB