Analysis
max time kernel: 142s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-09-2023 10:30
Static task: static1
Behavioral task: behavioral1
  Sample: 0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937.exe
  Resource: win10v2004-20230915-en
General
Target: 0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937.exe
Size: 342KB
MD5: 76452f7e2d6c4d157dad6963d078990e
SHA1: 839868abc0813555cafc78c9e5829915baeec986
SHA256: 0b5843080e2a062cde9f5a4220d40a4604d664757adeba28b1b8df311daae937
SHA512: 68fc22589f442fef85c5c6f953992a8f51455d8735ef3fec6589eabab13889e7ab6bccc7b679a7f4334fda68d8e8e4d97985668ff7450241059da4de41e68021
SSDEEP: 6144:3yFTOnWYkjI+vQnhMINvh9LFUevWsXm2sOoh48vvvvPvBqnSxQwkFk:3oTOWY8Qn28tFzo4SCwyk
Malware Config
Extracted: cobaltstrike (100000)
beacon_type: 512
http_header1: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
pipe_name: \\.\pipe\4a752176a9a74fe098048dba200a5bf6
polling_time: 10000
port_number: 4444
sc_process32: %windir%\syswow64\dllhost.exe
sc_process64: %windir%\sysnative\dllhost.exe
state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSAj4+QAAGFW/w4165Jsu5jjWfTxklcMTrw5I9MyComrznseEQBhvjhSy3R5hFwX2C6XenT+fHN722ch6IZhDgXaMnVjfm2eZBRptFfZ+l4YcjdZo0lunaiNBlcMv+IsfVGd3RvSyBa6cuiNODLZlK1U+W+slnOAbKBkeWrlisBQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark: 100000
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.