Analysis

max time kernel: 84s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-03-2023 13:33

Static task: static1

Behavioral task: behavioral1
  Sample: artifact.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: artifact.exe
  Resource: win10v2004-20230220-en
General

Target: artifact.exe
Size: 17KB
MD5: 2aedb984dc199342fa6114551fc1b10d
SHA1: 0b451a55cf8b5b475e1023f4b5896c58f050812f
SHA256: 00cc0fef10111e85bffd93338deb49f6cd335417aa96f7eefc6cf1dff735a1cd
SHA512: 470c130a1050014844f68dfd3dcf0be09ce69641ed8083bf7c74b691d085836a4cc411453632c21fcf0993020be727f9bd76d9ff6ccd6799a489aa98870a4c00
SSDEEP: 192:SDMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH4CS7AJ2dKBUbOj6kxiY:SDMAoKz6WtKEj7aBDiVaKbAY
Malware Config

Extracted: cobaltstrike
  http://198.52.127.146:21988/WMSf
  user_agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Signatures

Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.

Program crash (1 IoC)
  Processes:
  pid   pid_target  process       target process
  4456  4984        WerFault.exe  artifact.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\artifact.exe
   "C:\Users\Admin\AppData\Local\Temp\artifact.exe"
   2. C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4984 -s 1084
      Program crash

1. C:\Windows\system32\WerFault.exe
   C:\Windows\system32\WerFault.exe -pss -s 476 -p 4984 -ip 4984