Analysis Overview
SHA256
2df6120cd731f10cf4a0282e83617285c5dc2ae659828ac626670c786b996f47
Threat Level: Known bad
The file 2df6120cd731f10cf4a0282e83617285c5dc2ae659828ac626670c786b996f47 was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2023-09-16 08:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-16 08:30
Reported
2023-09-16 08:33
Platform
win7-20230831-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\2df6120cd731f10cf4a0282e83617285c5dc2ae659828ac626670c786b996f47.exe
"C:\Users\Admin\AppData\Local\Temp\2df6120cd731f10cf4a0282e83617285c5dc2ae659828ac626670c786b996f47.exe"
Network
| Country | Destination | Domain | Proto |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | tcp | |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
Files
memory/1712-0-0x00000000006B0000-0x0000000000730000-memory.dmp
memory/1712-2-0x0000000003E80000-0x0000000004280000-memory.dmp
memory/1712-1-0x000007FEF7F00000-0x000007FEF7FAC000-memory.dmp
memory/1712-3-0x00000000006B0000-0x0000000000730000-memory.dmp
memory/1712-4-0x000000013F700000-0x000000013F78A000-memory.dmp
memory/1712-5-0x000007FEF7F00000-0x000007FEF7FAC000-memory.dmp
memory/1712-6-0x0000000003E80000-0x0000000004280000-memory.dmp
memory/1712-7-0x000000013F700000-0x000000013F78A000-memory.dmp
memory/1712-10-0x000007FEF7F00000-0x000007FEF7FAC000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-16 08:30
Reported
2023-09-16 08:33
Platform
win10v2004-20230915-en
Max time kernel
152s
Max time network
156s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\2df6120cd731f10cf4a0282e83617285c5dc2ae659828ac626670c786b996f47.exe
"C:\Users\Admin\AppData\Local\Temp\2df6120cd731f10cf4a0282e83617285c5dc2ae659828ac626670c786b996f47.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| US | 8.8.8.8:53 | 181.194.96.119.in-addr.arpa | udp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| US | 8.8.8.8:53 | 254.105.26.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.238.8.in-addr.arpa | udp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | outlook.live.com | tcp |
| CN | 119.96.194.181:4455 | tcp |
Files
memory/1892-0-0x0000022203960000-0x0000022203970000-memory.dmp
memory/1892-1-0x00000222054E0000-0x00000222058E0000-memory.dmp
memory/1892-2-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-3-0x00007FF774860000-0x00007FF7748EA000-memory.dmp
memory/1892-4-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-6-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-8-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-10-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-12-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-14-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-16-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-18-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-20-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-22-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-26-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-27-0x00007FF774860000-0x00007FF7748EA000-memory.dmp
memory/1892-28-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp
memory/1892-30-0x00007FFC40940000-0x00007FFC409CD000-memory.dmp