Analysis
-
max time kernel
140s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
10-08-2023 10:47
General
-
Target
1e241c5e49a9fdf6a8520de02a8540f87b9393d7e5d4b01575a49569f8d1581a.exe
-
Size
316KB
-
MD5
f42c5b9b86b9a615b13a6f6aebcaf6db
-
SHA1
535718cde43aec2e071c7f76648117e83a8dfb78
-
SHA256
1e241c5e49a9fdf6a8520de02a8540f87b9393d7e5d4b01575a49569f8d1581a
-
SHA512
b40d49b966033f52d35b8b937054269b57291664be854e8506cfa4dc7d41afa53f432cf6b840e7d0f4585041e4d054bd52945c12a4bbda25d3799a3268559cfd
-
SSDEEP
6144:F1YlNk2GVPYzoBEuC8Wr9hrqc5FDlD6PX055tr9L4:jYlNRmFJC8y9hrqGdVt5rra
Malware Config
Extracted
cobaltstrike
1359593325
http://5.39.222.84:80/cx
-
access_type
512
-
host
5.39.222.84,/cx
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
polling_time
60000
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHFcV/jTWIWbMLGsg/xD3cCk0yHN+dWUBeSAZEdvXFEiawkFkWyJWyGyT0NbgSrwHmz+krYJY6l6YOoUNPWMNc6YpuQUYrBiilMX6rDkmmqUqem2tP6G4E6nBva8DOwNu671c8iFZeK4M8s6PPnUDuEuSHchHBLc5wV6Ew7BLO5QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
-
watermark
1359593325
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e241c5e49a9fdf6a8520de02a8540f87b9393d7e5d4b01575a49569f8d1581a.exe"C:\Users\Admin\AppData\Local\Temp\1e241c5e49a9fdf6a8520de02a8540f87b9393d7e5d4b01575a49569f8d1581a.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1368-54-0x0000000000220000-0x0000000000267000-memory.dmpFilesize
284KB
-
memory/1368-55-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/1368-56-0x0000000000370000-0x00000000003A3000-memory.dmpFilesize
204KB
-
memory/1368-57-0x0000000000460000-0x000000000049D000-memory.dmpFilesize
244KB
-
memory/1368-59-0x0000000000460000-0x000000000049D000-memory.dmpFilesize
244KB