Analysis
max time kernel: 133s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/08/2023, 03:31

Static task: static1
Behavioral task: behavioral1
  Sample: addc16f5375e7bc2a6290a933a7d9452d438194748fb66bae045fe3cd7e8d1ef.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: addc16f5375e7bc2a6290a933a7d9452d438194748fb66bae045fe3cd7e8d1ef.exe
  Resource: win10v2004-20230703-en
General
Target: addc16f5375e7bc2a6290a933a7d9452d438194748fb66bae045fe3cd7e8d1ef.exe
Size: 86KB
MD5: 4447176c9f975504b08c391b47ec08a3
SHA1: 9baef9e956a4f25a89950c35835cfcedfa11e977
SHA256: addc16f5375e7bc2a6290a933a7d9452d438194748fb66bae045fe3cd7e8d1ef
SHA512: a314b3124ede60aa51f9b25015bfc29995074f6d6751fe89ca9620858821230e5a8e4fb00a393e021cc38acd27d4c9704ba5c2e0b6d4dcfff59ea7fdecea79a1
SSDEEP: 1536:v3KynxwCOniuwA9NwXYUHgI5XtUqE80Ci0Q0ykBksNRbPuusWd3cdvJ1:/3Ot3NOHgz80Ci0BykbPCvJ1
Malware Config
Extracted: metasploit
  Payload: windows/download_exec
  URL: http://mndacdt.monster:2096/IeeI
Extracted: cobaltstrike
  Watermark: 100000
  URL: http://mndacdt.monster:2096/include/template/isx.php
  access_type: 512
  beacon_type: 2048
  host: mndacdt.monster,/include/template/isx.php
  http_header1:
AAAACgAAAB5SZWZlcmVyOiBodHRwOi8vd3d3Lmdvb2dsZS5jb20AAAAKAAAAa0FjY2VwdDogdGV4dC94bWwsYXBwbGljYXRpb24veG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCx0ZXh0L2h0bWw7cT0wLjksdGV4dC9wbGFpbjtxPTAuOCxpbWFnZS9wbmcsKi8qO3E9MC41AAAACgAAAB9BY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_header2:
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  http_method1: GET
  http_method2: POST
  polling_time: 30000
  port_number: 2096
  sc_process32: %windir%\syswow64\rundll32.exe
  sc_process64: %windir%\sysnative\rundll32.exe
  state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCB3baeBAXh5vAYg0YTZQwX1H2zK8OO3XeNTdIpppoS+nJVJogn/fi+5QLPBVV7JTLU8E++NnpudJmUk4cLrNvEmQwUfCugyay6mI6QP01YIBVP9d/mG7Sm3LlR1KlaPoItqV5UdrDdtkEZ6iBB4mvs8tVkqNhccnAYCcDS15fpXwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  unknown1: 3.998553344e+09
  unknown2:
AAAABAAAAAEAAAAWAAAAAgAAAIAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
  uri: /includes/phpmailer/class.pop3.php
  user_agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 5.2) Java/1.5.0_08
  watermark: 100000
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.