-
max time kernel
19s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
24-03-2023 12:02
Static task
static1
Behavioral task
behavioral1
Sample
12493ec6b59188a080961436130f4cba.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
12493ec6b59188a080961436130f4cba.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
9e7d06f01a6535531b6e098f6dd3eb47.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
9e7d06f01a6535531b6e098f6dd3eb47.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
c5b25a24f7112f1ee9300986004c45d9.com.exe
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
c5b25a24f7112f1ee9300986004c45d9.com.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral7
Sample
ce8bface0c9e56ab96d4bc06b76083aa.exe
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
ce8bface0c9e56ab96d4bc06b76083aa.exe
Resource
win10v2004-20230220-en
General
-
Target
9e7d06f01a6535531b6e098f6dd3eb47.exe
-
Size
6.1MB
-
MD5
9e7d06f01a6535531b6e098f6dd3eb47
-
SHA1
b1389c46288f8674b591f2bbcf41920958e96962
-
SHA256
1792595b55a0ccf8aef23354eafb24844581c4f862a514e42f67127738b71f63
-
SHA512
ae1bd9c677d62f16dc0191d6693d414188885f43897a1b40475be3ff1d3483f27c1879f897c30743f2519638c81c11e72ebf363deb85c584b852cf5e851dd3bf
-
SSDEEP
49152:jpdCnUmxN53Q2rb/T4vO90d7HjmAFd4A64nsfJ60jn1m4tQGYaVDb1U37t+0nWl5:83QuXwsAXEY/+6QII
Malware Config
Extracted
cobaltstrike
391144938
http://39.98.169.74:8080/mall_100_100.html
-
access_type
512
-
host
39.98.169.74,/mall_100_100.html
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
9472
-
polling_time
30000
-
port_number
8080
-
sc_process32
%windir%\syswow64\runonce.exe
-
sc_process64
%windir%\sysnative\runonce.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBEy1s0LexKpvJxFPuF4SnuvLLt7qBQQJa6AL1GAgy+dT3Yb76ieLbE9vhHouh2kWI7/PlTGfwLlTpT3zIkwBSAP1Ux8LNsCb7NTwEStKREiLiO29vskZlW8HDpRb6zGejRSjnzWGFohkKnQEfdmLUhQ7wagU1GaVCgFUKH0M00QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.03243264e+08
-
unknown2
AAAABAAAAAEAAAglAAAAAgAACCUAAAACAAACyAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/ajax/recharge/recharge.json
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36
-
watermark
391144938
Signatures
-
Cobaltstrike
Detected a malicious payload that is part of Cobalt Strike (Beacon configuration extracted above: C2 host, URIs, spawn-to processes and watermark).
Downloads
-
memory/2036-55-0x0000000028720000-0x0000000028772000-memory.dmpFilesize
328KB