Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
13-10-2023 20:43
General
-
Target
2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.dll
-
Size
218KB
-
MD5
e8291d75e5dcfb3096f4bdaa13ccabf0
-
SHA1
3ab63d4c4f8d3cf262841db601869ce3c2a47e80
-
SHA256
0656e195b038acae78a5f0bd2c7f54bc7453ce2b248599e01082df0cbef2f544
-
SHA512
e3d0236e1cd4b973de9f02b20610a3fa01755cc73c85b1bbf4430cfdf4dcbc78e9383d278c542b96af3656a3459ac60e531f9b3808849879befcf434552d71f5
-
SSDEEP
3072:sjOnlxzSQPohlI4qd8Iw04H5iS++Jf+l3wvy/MfLi/hJjNU25D:sj4PPoXI4w8I1+in+RoAPfLi/nj
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2023-08-25_e8291d75e5dcfb3096f4bdaa13ccabf0_cobalt-strike_cobaltstrike_meterpreter_JC.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 5603⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 5603⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 1748 -ip 17481⤵