Overview

Static analysis score: 10

Behavioral tasks (score per sample and platform; sample names are abbreviated as shown in the overview):

Sample                Platform             Score
2bc78e0d14...2d.exe   windows7-x64         3
2bc78e0d14...2d.exe   windows10-2004-x64   10
4922d2660f...c5.exe   windows7-x64         10
4922d2660f...c5.exe   windows10-2004-x64   10
4e14f58935...61.exe   windows7-x64         1
4e14f58935...61.exe   windows10-2004-x64   10
64b9d76ec0...52.exe   windows7-x64         1
64b9d76ec0...52.exe   windows10-2004-x64   10
79f68c9a2d...ee.exe   windows7-x64         3
79f68c9a2d...ee.exe   windows10-2004-x64   7
c984a9446b...d3.exe   windows7-x64         7
c984a9446b...d3.exe   windows10-2004-x64   10
d69dc8e0a1...67.exe   windows7-x64         3
d69dc8e0a1...67.exe   windows10-2004-x64   10
dff2cf2793...3f.exe   windows7-x64         10
dff2cf2793...3f.exe   windows10-2004-x64   10
e542080348...18.exe   windows7-x64         1
e542080348...18.exe   windows10-2004-x64   10
f96c9a2487...e6.exe   windows7-x64         10
f96c9a2487...e6.exe   windows10-2004-x64   10
fe2da521d1...ff.exe   windows7-x64         3
fe2da521d1...ff.exe   windows10-2004-x64   10
Analysis

max time kernel: 141s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-06-2023 15:11
Behavioral tasks

Task           Sample                                                                  Resource
behavioral1    2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe    win7-20230220-en
behavioral2    2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe    win10v2004-20230220-en
behavioral3    4922d2660f30b4a1729b6861093b491a60ab49586545106b24af2840aa690ac5.exe    win7-20230220-en
behavioral4    4922d2660f30b4a1729b6861093b491a60ab49586545106b24af2840aa690ac5.exe    win10v2004-20230220-en
behavioral5    4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe    win7-20230220-en
behavioral6    4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe    win10v2004-20230220-en
behavioral7    64b9d76ec0d30f2875691f8b230e5caf8cddfa50ba1a763d59680473b2be0a52.exe    win7-20230220-en
behavioral8    64b9d76ec0d30f2875691f8b230e5caf8cddfa50ba1a763d59680473b2be0a52.exe    win10v2004-20230220-en
behavioral9    79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe    win7-20230220-en
behavioral10   79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe    win10v2004-20230220-en
behavioral11   c984a9446b24e7a75a7b034c5074e483fce1cace1591119c1a462d0cb2d509d3.exe    win7-20230220-en
behavioral12   c984a9446b24e7a75a7b034c5074e483fce1cace1591119c1a462d0cb2d509d3.exe    win10v2004-20230220-en
behavioral13   d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67.exe    win7-20230220-en
behavioral14   d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67.exe    win10v2004-20230221-en
behavioral15   dff2cf279301edf6166a5f144b93922f245bbfe58030e0633497f4271f6a763f.exe    win7-20230220-en
behavioral16   dff2cf279301edf6166a5f144b93922f245bbfe58030e0633497f4271f6a763f.exe    win10v2004-20230220-en
behavioral17   e5420803485f33ca53c3314eb2a77370bf936083e5d32e1e0a53427731aed418.exe    win7-20230220-en
behavioral18   e5420803485f33ca53c3314eb2a77370bf936083e5d32e1e0a53427731aed418.exe    win10v2004-20230220-en
behavioral19   f96c9a248732ef1465a9bf5d838c3ff5b47c0330dbc05be28611fc1c7461f9e6.exe    win7-20230220-en
behavioral20   f96c9a248732ef1465a9bf5d838c3ff5b47c0330dbc05be28611fc1c7461f9e6.exe    win10v2004-20230220-en
behavioral21   fe2da521d1ffb45f669a038f6c729378978c3c144e4008bdcd70cf4edc2c1bff.exe    win7-20230220-en
behavioral22   fe2da521d1ffb45f669a038f6c729378978c3c144e4008bdcd70cf4edc2c1bff.exe    win10v2004-20230220-en
General

Target: 2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe
Size: 148KB
MD5: 5962e66c82fcd853fbfe2c6e8fdf3058
SHA1: 74c6b0b42ba3d888b630d7f42c6924aecc40a9d4
SHA256: 2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d
SHA512: 08965e5b3a5737d6eb9754b48c12cbf8ad9cba5195d87e14304a386f4a463acb00ac8d0dd1467307f8dfa6a962beff59697d815ba1d7b577fe257a280d4698eb
SSDEEP: 3072:kyqybyIkfZmxLCokgxcE4VFWGAGP4gqSBmQ:Yyu6LC9gxAVFWU4gXL
Malware Config

Extracted: cobaltstrike
  http://45.77.45.243:80/MHYo
  user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; LEN2)

Extracted: cobaltstrike 391144938
  http://45.77.45.243:80/__utm.gif
  access_type: 512
  host: 45.77.45.243,/__utm.gif
  http_header1: AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_header2: AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_method1: GET
  http_method2: POST
  polling_time: 60000
  port_number: 80
  sc_process32: %windir%\syswow64\rundll32.exe
  sc_process64: %windir%\sysnative\rundll32.exe
  state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD1MdX3ZRB269oOFHhcS9y7/4ze8AhFcGBKcU1oxKJmsPnFb0veqfUoNBE0uJCpJOzoKyNvngcJuz76aRb0Hvwag2mIXrX5f/3UB3P2WZFtxVHOhYgXLVPd8VlQD9eAPPUEceDRBN2lvYJGuakGOOCQTzb21ErU1bl10tHS2cFATwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 4096
  unknown2: AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /submit.php
  user_agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET4.0C)
  watermark: 391144938
Signatures

Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.

Suspicious use of NtCreateThreadExHideFromDebugger (1 IoCs)
  Processes: 2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe
    pid    process
    2668   2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe
Downloads

File                                                               Filesize
memory/2668-133-0x0000000000020000-0x0000000000021000-memory.dmp   4KB
memory/2668-134-0x0000000000020000-0x0000000000021000-memory.dmp   4KB
memory/2668-135-0x00000000006A0000-0x00000000006A2000-memory.dmp   8KB
memory/2668-136-0x00000000037D0000-0x0000000003BD0000-memory.dmp   4.0MB
memory/2668-137-0x00000000009D0000-0x0000000000A22000-memory.dmp   328KB
memory/2668-138-0x0000000000400000-0x000000000042C000-memory.dmp   176KB