Analysis
max time kernel: 291s
max time network: 295s
platform: windows10-1703_x64
resource: win10-20230703-en
resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
submitted: 13-08-2023 11:58
Static task: static1
Behavioral task: behavioral1
  Sample: lsass.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: lsass.exe
  Resource: win10-20230703-en
Behavioral task: behavioral3
  Sample: lsass.exe
  Resource: win10v2004-20230703-en
General
Target: lsass.exe
Size: 2.8MB
MD5: a832cc87a6c0c80ee12adddebd1dbf2d
SHA1: 51b5f69421c4e5d57602f6b7dbc31ac1fed8010e
SHA256: 08652d415a6b8f788a0e4914b3517c81fc49ef1be964548e00b92067fa66b702
SHA512: 2e9d96d474eca87e8897ca021c6e6ea0da3ebb66ce9f0cee02c72525a9234546a116ce90cac807b4e5928308e013f92ba5f87e64e2e501d6f393aa8951b80b61
SSDEEP: 49152:zYZKdX+/IwlGW3b96tAtUpQw2D11j3gMebfM2+CJhQgrCg07p5vIMa:vAx3bkGqpQnEU3If
Malware Config
Extracted: cobaltstrike
  0: http://bba.ccb.com.cdn.dnsv1.com.cn:443/static/skin/js/jquery-3.3.1.min.js
  access_type: 512
  host: bba.ccb.com.cdn.dnsv1.com.cn,/static/skin/js/jquery-3.3.1.min.js
  http_header1: aWR2eVVhTURLdWJXVzRUTDNpUGpCdz09AAAAAAAAAAA=
  http_method1: GET
  http_method2: POST
  jitter: 2048
  port_number: 443
  sc_process32: %windir%\syswow64\dllhost.exe
  sc_process64: %windir%\sysnative\dllhost.exe
  unknown1: 4.234810624e+09
  unknown2: AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /static/skin/js/jquery-3.3.2.min.js
  watermark: 0
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.