Analysis

max time kernel:  122s
max time network: 125s
platform:         windows7_x64
resource:         win7-20230831-en
resource tags:    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted:        15-09-2023 15:13
Behavioral task: behavioral1
  Sample:   2023-08-25_a82bb03d317993d66ddf7099f0c021af_cobalt-strike_cobaltstrike_meterpreter_JC.dll
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample:   2023-08-25_a82bb03d317993d66ddf7099f0c021af_cobalt-strike_cobaltstrike_meterpreter_JC.dll
  Resource: win10v2004-20230915-en
General

Target: 2023-08-25_a82bb03d317993d66ddf7099f0c021af_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size:   199KB
MD5:    a82bb03d317993d66ddf7099f0c021af
SHA1:   01d703c70945ca1e99364eaf3fb8cca4d625569c
SHA256: 03d3ca877d9355c3d809c3994b5e1b4a6c3df555c68e0b7f46a5367f9b039afd
SHA512: 093f289f44f39e40c3e196b23fc16e5014bb0934b5a6c0a2b58cb9c039a96d78edec4bc78452ef844e449da7569cbd8c7afbec1c27a73b8d793ef79a6ef973d0
SSDEEP: 3072:LI6CqRCxffkClZ8Ccn7LQlRw6x+Y3CxT2DtK5jdU4zY5aY:LIDff9D8C6XYRw6MT2DEj+
Malware Config
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

  description                          pid   process       target process
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
  PID 1952 wrote to memory of 2296     1952  rundll32.exe  rundll32.exe
Processes

Level 1: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-25_a82bb03d317993d66ddf7099f0c021af_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
  PID: 1952
  Signatures: Suspicious use of WriteProcessMemory

  Level 2 (child of PID 1952): C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-25_a82bb03d317993d66ddf7099f0c021af_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
    PID: 2296