Behavioral task
behavioral1
Sample
1972-74-0x00000000021D0000-0x000000000221F000-memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1972-74-0x00000000021D0000-0x000000000221F000-memory.dll
Resource
win10v2004-20230220-en
General
-
Target
1972-74-0x00000000021D0000-0x000000000221F000-memory.dmp
-
Size
316KB
-
MD5
d37f63e73aea39a56ba9ce7e25b2f053
-
SHA1
53e80b497ebbf42f21e995153127255cf8cfb879
-
SHA256
9e6b89b0b5812fcdc5ccab8b97c0ff12dfb59998d3601fee215f4b7d1d261424
-
SHA512
3ba47442627d9e47cb6a682b678d4d24a27fbcee8e0da46f3ef43d9f8b908c7668feb5a381368c4b9023cbd492aa34e5d1f47a1b5d9f4d4de0c7765b8f9d8b81
-
SSDEEP
6144:uJqVG5d1IpMyibgkTZI6jHID90aLFfUvH/:u3d6tevox7FfW
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Signatures
-
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1972-74-0x00000000021D0000-0x000000000221F000-memory.dmp
Files
-
1972-74-0x00000000021D0000-0x000000000221F000-memory.dmp.dll windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 174KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ