Analysis
-
max time kernel
126s -
max time network
156s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
18-10-2023 04:08
Static task
static1
Behavioral task
behavioral1
Sample
726784fd44844c9b1a9853fee28a9c5555a42d36f413968220061c5fc610061f.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
726784fd44844c9b1a9853fee28a9c5555a42d36f413968220061c5fc610061f.exe
Resource
win10v2004-20230915-en
General
-
Target
726784fd44844c9b1a9853fee28a9c5555a42d36f413968220061c5fc610061f.exe
-
Size
3.2MB
-
MD5
9440fcd8e09fd731eb855b9b09f28179
-
SHA1
c4f55d090c4a88597e2d9cd1cf149c0c11a80cbb
-
SHA256
726784fd44844c9b1a9853fee28a9c5555a42d36f413968220061c5fc610061f
-
SHA512
f3d898c53d6d2143d28674775fcabae7a87f2d4cc56b3f846bde6b61a05b0b61a7bef29f4d5226a8c125291be32c4b5d36959b8afb0067f1a47744094ce69003
-
SSDEEP
49152:BSht2h0Z1WEWS8FF8UPbkV0L/1DmXzbdunN4yt:c/YY1zr8FYVs/1D4b
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Extracted
cobaltstrike
305419896
http://192.168.1.21:9898/load
-
access_type
512
-
host
192.168.1.21,/load
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAACZDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQAAAAcAAAAAAAAABQAAAAJpZAAAAAcAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
polling_time
60000
-
port_number
9898
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeuUXnDDkRYMBXwerB2BX503V183dcQExPT95FaSGBkZFIpkfTDMrpEQ3o/7lONvyRZ0/3ztCKfvjijQw8U3gAzkWognOjMhKGZYKl2vi/hFmvOqrBpFXs13lL14yRauWvP4eBTD+tyRk24mtFRSAiPDoBBMmHf0WxEOiwrRVCMwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/submit.php
-
user_agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)
-
watermark
305419896
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.