Analysis
max time kernel: 162s
max time network: 168s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2023 07:30

Static task: static1

Behavioral task: behavioral1
Sample: 3c79a20ed5ecd7fbb48b3f08218c4a379b97ef3a977504af43b4da9f92bde5ed.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 3c79a20ed5ecd7fbb48b3f08218c4a379b97ef3a977504af43b4da9f92bde5ed.exe
Resource: win10v2004-20230915-en
General
Target: 3c79a20ed5ecd7fbb48b3f08218c4a379b97ef3a977504af43b4da9f92bde5ed.exe
Size: 163KB
MD5: 3b76a556a629578be99faf6150663df8
SHA1: 710e351e0b4455914235568d41cad396829dcd43
SHA256: 3c79a20ed5ecd7fbb48b3f08218c4a379b97ef3a977504af43b4da9f92bde5ed
SHA512: 933912c2130339c0c6a26f3d4e89e2b43325d73d907784997bcd2703f7e3ff7f4a6c46ba2eee6cccc4667009ee6f441ecab294f335cc79fdc5522cddc40c7cf4
SSDEEP: 3072:LWsNk75C4nQbSyRybd5N2o92GW+eFWfIlOC:LWse75ZnQboNWGhgt
Malware Config

Extracted
cobaltstrike
0
watermark: 0

Extracted
cobaltstrike
100000
http://175.178.226.60:8021/g.pixel
access_type: 512
host: 175.178.226.60,/g.pixel
http_header1:
http_header2:
http_method1: GET
http_method2: POST
jitter: 5120
polling_time: 3000
port_number: 8021
sc_process32: %windir%\syswow64\rundll32.exe
sc_process64: %windir%\sysnative\rundll32.exe
state_machine:
unknown1: 4096
unknown2:
uri: /submit.php
user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; InfoPath.3)
watermark: 100000

Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Downloads
memory/1788-1-0x00000000021C0000-0x000000000220F000-memory.dmp (Filesize: 316KB)
memory/1788-0-0x0000000001BD0000-0x0000000001CD0000-memory.dmp (Filesize: 1024KB)
memory/1788-2-0x0000000001BD0000-0x0000000001CD0000-memory.dmp (Filesize: 1024KB)
memory/1788-3-0x00000000021C0000-0x000000000220F000-memory.dmp (Filesize: 316KB)