Overview
Analysis

max time kernel: 128s
max time network: 132s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 24-03-2023 08:54
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: Downloads/56b5116db18b2599a5ea7f3b2302c709.exe, win7-20230220-en
behavioral2: Downloads/56b5116db18b2599a5ea7f3b2302c709.exe, win10v2004-20230220-en
behavioral3: Downloads/5a45119a2603b6ad08c7f5e44e9588d3.exe, win7-20230220-en
behavioral4: Downloads/5a45119a2603b6ad08c7f5e44e9588d3.exe, win10v2004-20230220-en
behavioral5: Downloads/7880a7beae205f43c9f2155785b7959e.exe, win7-20230220-en
behavioral6: Downloads/7880a7beae205f43c9f2155785b7959e.exe, win10v2004-20230221-en
behavioral7: Downloads/c620d1f1f0d646823126ac3f36c5a780.exe, win7-20230220-en
behavioral8: Downloads/c620d1f1f0d646823126ac3f36c5a780.exe, win10v2004-20230220-en
behavioral9: Downloads/cde34053c215372ba47c1c8fbd6b25a7.exe, win7-20230220-en
behavioral10: Downloads/cde34053c215372ba47c1c8fbd6b25a7.exe, win10v2004-20230220-en
behavioral11: Downloads/fff09f45a81ce93c0a01f7bc9221aaa6.exe, win7-20230220-en
behavioral12: Downloads/fff09f45a81ce93c0a01f7bc9221aaa6.exe, win10v2004-20230221-en
General

Target: Downloads/fff09f45a81ce93c0a01f7bc9221aaa6.exe
Size: 1.4MB
MD5: fff09f45a81ce93c0a01f7bc9221aaa6
SHA1: 42fc66089592cab97b7495926ca085dedccb3437
SHA256: 4b74cd402144dc41603c2fb941ad2ea329dc1c3d7382c7e1dc1defbe1680539d
SHA512: 766d201984e26b85c1771fbe3d51f3836547ff61159d711d768ad2919182ac35ddce982f4d31a071caac93c36ea37a61c5e1a35f9b55a1b98850ad0e2f543df1
SSDEEP: 24576:H8eRJsRzlFh6tglyaNRX4OCrjihoaYg+/2O12D1n:H8eROlFhIglX/HYg+z2D1
Malware Config

Extracted: cobaltstrike
http://cdn.saicfinance.work:80/ipv6
user_agent: Host: cdn.saicfinance.work Accept: text/h.life,application/xh.life+.life,application/.life;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20200105 Firefox/36.0

Extracted: cobaltstrike
100000000
http://cdn.saicfinance.work:80/apiv4
access_type: 512
host: cdn.saicfinance.work,/apiv4
http_header1:
AAAABwAAAAAAAAAPAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2:
AAAACgAAACBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2gubGlmZQAAABAAAAAaSG9zdDogY2RuLnNhaWNmaW5hbmNlLndvcmsAAAAHAAAAAAAAAAUAAAACaWQAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1: GET
http_method2: POST
jitter: 12800
polling_time: 45000
port_number: 80
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCO6EIffMQtWjT4Pe9NlKL7VvmzePwEEnTujvjo5RN1AyiJltvQEX7CAVF91yEpQDKbdWTN4DiiyCrAMKCy8TWu4TlYKGKnTtF8UzZcQaHJzquzlNGZduJaVdvnNVI2WpEey+0OqsFf4RM3TkkQGejWOvaTIOfiDGuWhzn6kdTA6wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4.69766144e+08
unknown2:
AAAABAAAAAIAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /apiv6
user_agent: Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20200105 Firefox/36.0
watermark: 100000000

Signatures

Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.