Analysis
-
max time kernel
135s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
24-03-2023 08:54
General
-
Target
Downloads/fff09f45a81ce93c0a01f7bc9221aaa6.exe
-
Size
1.4MB
-
MD5
fff09f45a81ce93c0a01f7bc9221aaa6
-
SHA1
42fc66089592cab97b7495926ca085dedccb3437
-
SHA256
4b74cd402144dc41603c2fb941ad2ea329dc1c3d7382c7e1dc1defbe1680539d
-
SHA512
766d201984e26b85c1771fbe3d51f3836547ff61159d711d768ad2919182ac35ddce982f4d31a071caac93c36ea37a61c5e1a35f9b55a1b98850ad0e2f543df1
-
SSDEEP
24576:H8eRJsRzlFh6tglyaNRX4OCrjihoaYg+/2O12D1n:H8eROlFhIglX/HYg+z2D1
Malware Config
Extracted
cobaltstrike
http://cdn.saicfinance.work:80/ipv6
-
user_agent
Host: cdn.saicfinance.work Accept: text/h.life,application/xh.life+.life,application/.life;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20200105 Firefox/36.0
Extracted
cobaltstrike
100000000
http://cdn.saicfinance.work:80/apiv4
-
access_type
512
-
host
cdn.saicfinance.work,/apiv4
-
http_header1
AAAABwAAAAAAAAAPAAAAAwAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACBDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2gubGlmZQAAABAAAAAaSG9zdDogY2RuLnNhaWNmaW5hbmNlLndvcmsAAAAHAAAAAAAAAAUAAAACaWQAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
12800
-
polling_time
45000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCO6EIffMQtWjT4Pe9NlKL7VvmzePwEEnTujvjo5RN1AyiJltvQEX7CAVF91yEpQDKbdWTN4DiiyCrAMKCy8TWu4TlYKGKnTtF8UzZcQaHJzquzlNGZduJaVdvnNVI2WpEey+0OqsFf4RM3TkkQGejWOvaTIOfiDGuWhzn6kdTA6wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4.69766144e+08
-
unknown2
AAAABAAAAAIAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/apiv6
-
user_agent
Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20200105 Firefox/36.0
-
watermark
100000000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Downloads\fff09f45a81ce93c0a01f7bc9221aaa6.exe"C:\Users\Admin\AppData\Local\Temp\Downloads\fff09f45a81ce93c0a01f7bc9221aaa6.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3460-133-0x0000028E71AC0000-0x0000028E71AC1000-memory.dmpFilesize
4KB
-
memory/3460-134-0x0000028E71EC0000-0x0000028E722C0000-memory.dmpFilesize
4.0MB
-
memory/3460-135-0x0000028E722C0000-0x0000028E7230F000-memory.dmpFilesize
316KB