Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
08-08-2023 11:49
General
-
Target
cobalt_http3.pcap
-
Size
10.1MB
-
MD5
a7954c88b5c87acbdd9c4e3ac9e48de4
-
SHA1
6e57d52016c522b74f743f16ba5f56a45d153a4a
-
SHA256
04afb038f98211a2ec8e013eaa4b30d45e55b9d82570b42ec6ca9e19c3ff707f
-
SHA512
f50f9cbea556d22f86b73f701e64d5cfae0442ee8788c0e47e5e618e6277976f621da62b43d7ae2f21f1ab9057d0894fc17d7b8edc8aa6c58a51b990a82433bd
-
SSDEEP
196608:Ap3pMHb2SxU5DQ51OG0ItWoCQRDvtJ9dZUfaLNOtd+tvQJp5l1iscosHhNy:e5M727oI6CstJLZUfLqc5lEPosHr
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\cobalt_http3.pcap1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\cobalt_http3.pcap2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cobalt_http3.pcap"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD51b7fc406c3abbf360ead03493f04d296
SHA171e41d109680b9329f6af15cfeccf0aa78d36ffd
SHA256027579ee4f645287acf08813b93ffcb21137959788c6bd580778786d05a73d05
SHA512a4d9dc79323c87b29b87dcf3bc9aa8f9d5b8ad9a7d4f6a20b5c129d421af4c51bd327868d0949cea51aea954ca28090e6cd528821293a14b7a23ce4cea9a56f1