Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 03-09-2023 13:05
Behavioral task: behavioral1
Sample: 2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll
Resource: win10v2004-20230831-en
General
Target: 2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll
Size: 208KB
MD5: d0d1ede925af99a08fd475a4ba7e076f
SHA1: 7c318dbe3e492e376f6fe1a4d2b3da89dd673a6d
SHA256: 8af4c35ce2fbaa68c1736fc69073acb459e7c2094dd9f6dd9ce611eb3168c195
SHA512: 30f4face351b2a5809351a53c27e6db180f92943bd9928c9b8c226ade586b336bd0da8b48420d8bc6df32c15ce091c97b757cc135a2f09b1cfceecee81db9df0
SSDEEP: 3072:1I6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdUmY53:1IDff9D8C6XYRw6MT2DEj
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                       pid   process       target process
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
PID 1916 wrote to memory of 2296  1916  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll,#1
  PID: 1916
  Signatures: Suspicious use of WriteProcessMemory
  Child process:
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-22_d0d1ede925af99a08fd475a4ba7e076f_cobalt-strike_cobaltstrike_havex_JC.dll,#1
    PID: 2296