Analysis
-
max time kernel
142s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
23-10-2023 19:29
General
-
Target
74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b.exe
-
Size
1.2MB
-
MD5
d0c401423eaf087b02d48180944eb434
-
SHA1
07860d876d105321c08fe61c7eecedfeee0d9b81
-
SHA256
74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b
-
SHA512
ffa882360db52dd5ba87e0f53b0c0cad944f746c6cfdc46f4f0200b853415d456a810a5e994464a3c226686a510aa91709e86b689de5187046b3f2d966679aa9
-
SSDEEP
24576:eA/389X9zMxnH4WVB5s4KQN2LTt8Y0edswcaWeoAuWU0sgGce7o9Pj3Bt:eloMocT9
Malware Config
Extracted
cobaltstrike
100000
http://124.220.235.65:14275/j.ad
-
access_type
512
-
host
124.220.235.65,/j.ad
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybHRyeXRyeWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
37500
-
port_number
14275
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWYfa6b93hGKApZwTMQJWs6UwXUdlHRw9HDtQ9xBrR/BIygegFGJFjdGTXvX8+A1sQSOnSKNrVvC9Yh0fnNPm9UXGRA940e8rYtM/T5M9+uWsvWV6BHCUoLiUGFKCCoZRaT8AaKc06zDNhDOwxCkWYStQFoNap+IT2hfogLaG5iwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/windebug/updcheck.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
100000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b.exe"C:\Users\Admin\AppData\Local\Temp\74f6b3ebc5b40bc0356f171ba7ae41ebc1c03a2f6aa8683c39140f1a5601023b.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1728-0-0x00007FF6F3290000-0x00007FF6F3430000-memory.dmpFilesize
1.6MB
-
memory/1728-1-0x00000230F2D30000-0x00000230F2D71000-memory.dmpFilesize
260KB
-
memory/1728-2-0x00000230F2D30000-0x00000230F2D71000-memory.dmpFilesize
260KB
-
memory/1728-4-0x00000230F2D80000-0x00000230F2DCF000-memory.dmpFilesize
316KB
-
memory/1728-5-0x00007FF6F3290000-0x00007FF6F3430000-memory.dmpFilesize
1.6MB