Analysis
max time kernel: 152s
max time network: 128s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 13-10-2023 22:46
Static task: static1
Behavioral task: behavioral1 (Sample: beacon.exe; Resource: win7-20230831-en)
Behavioral task: behavioral2 (Sample: beacon.exe; Resource: win10v2004-20230915-en)
General
Target: beacon.exe
Size: 281KB
MD5: 94ca9b4aa1cf9d29c9375d1306959f38
SHA1: 9fb7d599f78adb8bd7ca03ba8fee41ea38db2cdc
SHA256: c8c6067cf64a8be76fb389fca74bafcb545076ceb7d1183ffd7ad814a04fa05d
SHA512: e7d56b31e632629a7e333f67c6fffbd41f34cafc8f208e150efe9f3eb1f4a82a9dcd45b9cbd6863e01d1c8cea78497beb171df8454806115362498405302743a
SSDEEP: 6144:OCu2IC+Mu3OP6KMz+7ImkQ0H01PX2C3shk/FYgpv5gxDs1Xo0odWyGFF:Yrd3FKUmkRE3syNVpFyw
Malware Config
Extracted
cobaltstrike
100000
beacon_type: 1024
host: 192.168.150.9
http_header1:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
polling_time: 10000
port_number: 4444
sc_process32: %windir%\syswow64\gpupdate.exe
sc_process64: %windir%\sysnative\gpupdate.exe
state_machine:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCHFQjnAnUbEXD+c5GiuPpC/L5pH2AnHxcutfvep6LOO4ik5oTdUI5q7KAsEzt7oUQI06rl0seBjlfZlXoAbwfbSbtvYJDKZMeDPvaY6QJRM9SYTgD+nlUiAR0qeMpbvhj68n3khnS1Cu2IS9GJpCMa7kRYn7ylraIWKBIArzaEQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
watermark: 100000
Signatures
Cobaltstrike
Detected a malicious payload that is part of Cobalt Strike.
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                        pid   process     target process
PID 2020 wrote to memory of 2616   2020  beacon.exe  WerFault.exe
PID 2020 wrote to memory of 2616   2020  beacon.exe  WerFault.exe
PID 2020 wrote to memory of 2616   2020  beacon.exe  WerFault.exe