Overview

overview

10

Static

static

1

33d09273dc...68.ps1

windows7-x64

10

33d09273dc...68.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    29-03-2023 06:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768.ps1

  • Size

    26KB

  • MD5

    c9ebd0d057c99b70ba8e955a0f51f72f

  • SHA1

    ee2323f856b397a7c0ce1feb6677152376e96da5

  • SHA256

    33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768

  • SHA512

    c8a1b27243b3526acd38052639574a201f82d96dca2c5a3e753d05c75dc5d21a7984cc66bcda04ea27199e846359695c118ba7cf2162d4ca95cc569147bb7d74

  • SSDEEP

    384:pIAUl9V5xJCdNz6etOzzodsGeE3WdbSU0jRArxJDZF6boFUUC7+v6fCUqqgCENqn:uAUjKz6r5GeW+bOoCvK/imC6YEaxP

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.136.14.33:50001/GSmV

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Blocklisted process makes network request 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\33d09273dc6cd6f995271202a20e8df2e0579a066db9b0bdcbfff7da7afe3768.ps1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1768-58-0x000000001B300000-0x000000001B5E2000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1768-59-0x0000000002470000-0x0000000002478000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1768-60-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-61-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-62-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-63-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-64-0x0000000002950000-0x0000000002951000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1768-65-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-66-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-67-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1768-68-0x0000000002960000-0x00000000029E0000-memory.dmp
    Filesize

    512KB

    Download