395e67184306ce16a2697ffb8d8ea21c9382a1f581cc1ee748d3a90065a388ea

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2023 19:56

Target

cbcfd168bcc36e1f09aff275de5944e6_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size

218KB
MD5

cbcfd168bcc36e1f09aff275de5944e6
SHA1

9defc51af1a4571eb15e391b596141f08bf2aa7b
SHA256

395e67184306ce16a2697ffb8d8ea21c9382a1f581cc1ee748d3a90065a388ea
SHA512

6c72b58f33a51383b79e2aae585d75a39bab6e2502eb3c95eb10193e3f7c6a5afa4e8d6a222f5083b11c3f5257c0fa74190f551ba85d9ffdd2f8ad763b138088
SSDEEP

3072:MJ2poPftQSDAl/kBD5y8Im+hOuJ7tGrKBkQYouhnjGtjlUz5Q:Mk6QsAmBD08IlXJZuykZhnjuj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2240	1944	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1944	2136	rundll32.exe	85
PID 2136 wrote to memory of 1944	2136	rundll32.exe	85
PID 2136 wrote to memory of 1944	2136	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbcfd168bcc36e1f09aff275de5944e6_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbcfd168bcc36e1f09aff275de5944e6_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
  2⤵
  PID:1944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 560
    3⤵
    - Program crash
    PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1944 -ip 1944
1⤵
PID:4212