Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
23-09-2023 11:08
General
-
Target
0a83626cf498751ee78185bd3b06a884dd511ce5c70c4af2f24d4a4385181aa9.exe
-
Size
631KB
-
MD5
fd94904ed62387c1c783699971c0b9f6
-
SHA1
9b38b685f67975e3d1ad1ca0496c20557e88d033
-
SHA256
0a83626cf498751ee78185bd3b06a884dd511ce5c70c4af2f24d4a4385181aa9
-
SHA512
1456bbccfe753a4b5238667d0c99bef7a53e370598352c02cf512056a67ceee09ee68a425d08fc46a9caa4ffb6c0454aa7ad3606ef1017a451b9fd901004801d
-
SSDEEP
12288:r2df9EIHvM4PiOIpHoFGWagW/PO2ugUumsLzX9EAmD:Kp9E4vM4PxGHCBW/PO2iIvX9
Malware Config
Extracted
cobaltstrike
100000
http://62.234.60.92:80/introduction/edr
-
access_type
512
-
host
62.234.60.92,/introduction/edr
-
http_header1
AAAACgAAAB5BY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUAAAAKAAAADFRlOiB0cmFpbGVycwAAAAoAAAALQWNjZXB0OiAqLyoAAAAHAAAAAAAAAA0AAAACAAAABUFOSUQ9AAAAAgAAABlfX1NlY3VyZS0zUEFQSVNJRD1ub3NraW47AAAAAQAAACM7Q09OU0VOVD1ZRVMrQ04uemgtQ04rMjAyMTA5MTctMDktMAAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOAAAAAoAAAAkUmVmZXJlcjogaHR0cHM6Ly9lZHIuc2FuZ2Zvci5jb20uY24vAAAACgAAAAxUZTogdHJhaWxlcnMAAAAKAAAAIk9yaWdpbjogaHR0cHM6Ly9lZHIuc2FuZ2Zvci5jb20uY24AAAAHAAAAAAAAAA0AAAAFAAAACF9fZm9ybWlkAAAACQAAABNzcmNodWlkPWtzSFZ0cGdoYUtRAAAACQAAABFzZWFyY2hrZXk9RGZNaVZBbAAAAAcAAAABAAAADQAAAAIAAAAqYWlkXz01MjIwMDU3MDUmYWNjdmVyPTEmc2hvd3R5cGU9ZW1iZWQmdWE9AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
12000
-
port_number
80
-
sc_process32
%windir%\syswow64\dllhost.exe
-
sc_process64
%windir%\sysnative\dllhost.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN6R831GW6+s2ZJ3gpTTuFiJ/J+x5FZb38Zo8bqcctoTF9OwvxMi7zSDJ0wly93NkX1yYtOMMI7OVUR0m6D0Yl6imeZM+S9WRA+UZBTI/w/hAwT35ScEzwkF9ZVSw+jUkUadw9IFCj8oFC6dJW0TI70KU/TS8DUTOaFyZv7reN8QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
3.103793152e+09
-
unknown2
AAAABAAAAAEAAAA/AAAAAgAAAD0AAAACAAAAPQAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/artical/tag
-
user_agent
Mozilla/5.0 (iPad; CPU iPad OS 10_3_4 like Mac OS X) AppleWebKit/532.1 (KHTML, like Gecko) CriOS/30.0.834.0 Mobile/77D555 Safari/532.1
-
watermark
100000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a83626cf498751ee78185bd3b06a884dd511ce5c70c4af2f24d4a4385181aa9.exe"C:\Users\Admin\AppData\Local\Temp\0a83626cf498751ee78185bd3b06a884dd511ce5c70c4af2f24d4a4385181aa9.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
260KB
-
Filesize
1.6MB