292ed4733505886910099b0ff50cf83999082d9cf73435a7c67fcf2e32092c68

Analysis

max time kernel
125s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 05:40

Target

2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.dll
Size

208KB
MD5

c099180b9ac8e6014750f1b99faba5ae
SHA1

c0d9acecd2f693c129ffbeb5ca0f5adcd0dd6186
SHA256

292ed4733505886910099b0ff50cf83999082d9cf73435a7c67fcf2e32092c68
SHA512

0b08d57d349b15ecfce1c482c6728364ac8b4fff34418a7f92f3df58db64aa208bd9b14b725540ea01413423e39a257d84512e74669357b301f168511e3fe345
SSDEEP

3072:LI6CqRCxffkClZ8Cqn7LQlRw6x+Y3CxT2DtK5jdUfY5:LIDff9D8CcXYRw6MT2DEj

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4308 4204 WerFault.exe rundll32.exe

pid	pid_target	process	target process
4308	4204	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4520 wrote to memory of 4204	4520	rundll32.exe	rundll32.exe
PID 4520 wrote to memory of 4204	4520	rundll32.exe	rundll32.exe
PID 4520 wrote to memory of 4204	4520	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4520

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-26_c099180b9ac8e6014750f1b99faba5ae_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#1
2⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 632
3⤵
- Program crash
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4204 -ip 4204
1⤵
PID:1636