e800f2b4a0f1cf4db2f4a3046ad54705440516319c7e0f0c3dc50fd62f587ec8

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 17:17

Target

2023-08-22_59b76eafe51f065b5d51ef09a36425cc_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size

208KB
MD5

59b76eafe51f065b5d51ef09a36425cc
SHA1

9caeefea45dddb22189782d8b30d566ff6d44769
SHA256

e800f2b4a0f1cf4db2f4a3046ad54705440516319c7e0f0c3dc50fd62f587ec8
SHA512

165a2adcb9cc8eefe90b0e1cf3f0b4d87656d16df79639615e034a887dc497bb0d9305ba952aff9557fe2f463112d70afb4f8bb458078297872c036557405f1c
SSDEEP

3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUeY5n:LIDff9D8C6XYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3172	3824	WerFault.exe	83

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 3824	4232	rundll32.exe	83
PID 4232 wrote to memory of 3824	4232	rundll32.exe	83
PID 4232 wrote to memory of 3824	4232	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-22_59b76eafe51f065b5d51ef09a36425cc_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-22_59b76eafe51f065b5d51ef09a36425cc_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
  2⤵
  PID:3824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 632
    3⤵
    - Program crash
    PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3824 -ip 3824
1⤵
PID:544