Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
24-10-2023 15:32
General
-
Target
2aed2a48aa2ea62457f1edf95bfef91b0d5f4434fe4e5e4ec0b0d71ab045f8ce.exe
-
Size
1.1MB
-
MD5
ff4db044f235c09e5ce5d39a3f306817
-
SHA1
16e3eb3e6685541c93259d4f96ab53d0b830435a
-
SHA256
2aed2a48aa2ea62457f1edf95bfef91b0d5f4434fe4e5e4ec0b0d71ab045f8ce
-
SHA512
80159bf03af734b25bed89ed2fddc8dbe9b9e12149b29115b205bac6505ee8332bf6da2dffb47a711a14c853bcd87a1e221665bcb5c5ae57b3e39c93fc6b49e4
-
SSDEEP
24576:AOS+19BnG6KzXGqZ1Jd/jjGGRayHQkFqGdiMuWoCUob:AOSQ9BnG8kh/jiGRayweCMuWok
Malware Config
Extracted
cobaltstrike
100000
http://103.234.72.74:80/pixel
-
access_type
512
-
host
103.234.72.74,/pixel
-
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAABJBY2NlcHQ6IHRleHQvcGxhaW4AAAAKAAAAFkFjY2VwdC1MYW5ndWFnZTogZW4tdXMAAAAKAAAAG0FjY2VwdC1FbmNvZGluZzogdGV4dC9wbGFpbgAAAAoAAAAvQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybHRyeXRyeWQAAAAHAAAAAAAAAAgAAAAFAAAAAmlkAAAABwAAAAEAAAADAAAAAgAAADsmb3A9MSZpZD12eGV5a1MmdWk9Sm9zaCBAIFBDJnd2PTExJmdyPWJhY2tvZmYmYnY9MS41NSZkYXRhPQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
2560
-
polling_time
37500
-
port_number
80
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPxVlBaGI4obe2z04qn+7a1HHvNEcc2uuUx8A1vtcLoA/MFTUpUAmA2Qs3QqTGjaNAhTW5nEG1x2X8WCOY2334WSaUxWsYXK88UZ2GWdiKiR8q851lzWvNh0ArfveFFQF+845wP/aJQ1Kv1bHUpxP+w0zFwKbKdVwuaZHF5dIHCQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/hello/flash.php
-
user_agent
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
-
watermark
100000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2aed2a48aa2ea62457f1edf95bfef91b0d5f4434fe4e5e4ec0b0d71ab045f8ce.exe"C:\Users\Admin\AppData\Local\Temp\2aed2a48aa2ea62457f1edf95bfef91b0d5f4434fe4e5e4ec0b0d71ab045f8ce.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1716-0-0x00007FF7B4BC0000-0x00007FF7B50B8000-memory.dmpFilesize
5.0MB
-
memory/1716-1-0x00000254D6720000-0x00000254D6761000-memory.dmpFilesize
260KB
-
memory/1716-2-0x00000254D6720000-0x00000254D6761000-memory.dmpFilesize
260KB
-
memory/1716-4-0x00000254D6770000-0x00000254D67BF000-memory.dmpFilesize
316KB
-
memory/1716-5-0x00007FF7B4BC0000-0x00007FF7B50B8000-memory.dmpFilesize
5.0MB