Analysis

 • max time kernel
  143s
 • max time network
  152s
 • platform
  windows10-2004_x64
 • resource
  win10v2004-20230915-en
 • resource tags

  arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
 • submitted
  20-09-2023 23:23

General

 • Target

  235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3.exe

 • Size

  2MB

 • MD5

  9087a4ff80b20002a53d4e5f3a3789be

 • SHA1

  f2a274fc208ff0ee3c5c8208dc37560f364b17ea

 • SHA256

  235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3

 • SHA512

  d06ffaf0589adecfb5a45944baf5fb1dd7b5d18913a1c5a22223eddff080c439c70584ce6f23103c932b758ca868b629411f542e76b1a3608a6036c46e205e54

 • SSDEEP

  6144:nbohmAJS+oKnks2Ru42KKVuDiEgHy2ivoBcI6xSTb3+igmogOKIetNDpWzaiPi9:nU0/IkPIz9FsZw0sbOoBT0i9

Malware Config

Extracted

Family

cobaltstrike

Botnet

1

C2

http://142.93.77.61:443/_/scs/mail-static/_/js/

Attributes
 • access_type

  512

 • beacon_type

  2048

 • host

  142.93.77.61,/_/scs/mail-static/_/js/

 • http_header1

  AAAABwAAAAAAAAADAAAAAgAAAAVPU0lEPQAAAAYAAAAGQ29va2llAAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAACgAAAAZETlQ6IDEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

 • http_header2

  AAAACQAAAA11aT1kMzI0NGM0NzA3AAAACQAAAAtob3A9NjkyODYzMgAAAAkAAAAHc3RhcnQ9MAAAAAoAAAA9Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ7Y2hhcnNldD11dGYtOAAAAAcAAAAAAAAAAwAAAAIAAAAFT1NJRD0AAAAGAAAABkNvb2tpZQAAAAcAAAABAAAAAwAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

 • http_method1

  GET

 • http_method2

  POST

 • jitter

  3840

 • maxdns

  255

 • polling_time

  60000

 • port_number

  443

 • sc_process32

  %windir%\syswow64\rundll32.exe

 • sc_process64

  %windir%\sysnative\rundll32.exe

 • state_machine

  MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmvsAeKxSgXApnTJfpxsXXIefGGdh28phbk3wEsA5TxlX687DiQ2jDzFPkjcHMTcP65msxcDrEkfgWdX9rGlMEorUwv8ewAMN2Tg5fvhKwXh9YbJVbx6n+jLcUdTAXk/SG7TA5ozu35nPMoSlHRFidSSgXbSo5RKqi/dsFAYB86wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

 • unknown1

  5.37071616e+08

 • unknown2

  AAAABAAAAAEAAAF3AAAAAQAAAPoAAAACAAAABAAAAAIAAAAcAAAAAgAAACQAAAACAAAAEgAAAAIAAAAEAAAAAgAAABwAAAACAAAAJAAAAAIAAAARAAAAAgAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

 • uri

  /mail/u/0/

 • user_agent

  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)

 • watermark

  1

Signatures

Processes

 • C:\Users\Admin\AppData\Local\Temp\235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3.exe
  "C:\Users\Admin\AppData\Local\Temp\235f403b037f7b4e007976a2204b90ef9421890927c744f89dc811e5eea021c3.exe"
   PID: 4636

  Downloads

  • memory/4636-0-0x0000000000400000-0x0000000000453000-memory.dmp
   Filesize

   332KB

  • memory/4636-2-0x0000000000400000-0x0000000000453000-memory.dmp
   Filesize

   332KB

  • memory/4636-1-0x0000015283D40000-0x0000015283D81000-memory.dmp
   Filesize

   260KB

  • memory/4636-3-0x00000152840F0000-0x0000015284143000-memory.dmp
   Filesize

   332KB

  • memory/4636-4-0x00000152840F0000-0x0000015284143000-memory.dmp
   Filesize

   332KB

  • memory/4636-5-0x00007FF631310000-0x00007FF6315EE000-memory.dmp
   Filesize

   2MB