Analysis
-
max time kernel
146s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
30-11-2023 21:58
General
-
Target
289c489a81d77bffc05d7c75c7a562426a8e27fe907b1edd99599079c0905e10.exe
-
Size
65KB
-
MD5
0504d1442f58031eee558dc4892376fc
-
SHA1
ac349fdcfe3af251f1aad254c09560e977f85a3b
-
SHA256
289c489a81d77bffc05d7c75c7a562426a8e27fe907b1edd99599079c0905e10
-
SHA512
c9a7b73d9adf7f0646ae4d0de5fc87de54a08b2eabbc0aef32f74ca80b8d0696413f83564a4f4ab23352e7c1caabe0feea03550741cad65c5a953a31dc8ed7a4
-
SSDEEP
1536:jCJrdFqe966QmZhZROS72nvnf6Hamy/W:ur7R46Q+rivMamz
Malware Config
Extracted
cobaltstrike
100000
http://192.124.176.11:80/Detect/remove/90J6CLSKNII
-
access_type
512
-
host
192.124.176.11,/Detect/remove/90J6CLSKNII
-
http_header1
AAAACgAAACxBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvaHRtbCwgaW1hZ2UvKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBtawAAAAoAAAAdQWNjZXB0LUVuY29kaW5nOiBiciwgaWRlbnRpdHkAAAAHAAAAAAAAAA8AAAAIAAAAAgAAAAZfWERpZD0AAAAGAAAABkNvb2tpZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAACxBY2NlcHQ6IGFwcGxpY2F0aW9uL2pzb24sIHRleHQvaHRtbCwgaW1hZ2UvKgAAAAoAAAATQWNjZXB0LUxhbmd1YWdlOiBtawAAAAoAAAAdQWNjZXB0LUVuY29kaW5nOiBiciwgaWRlbnRpdHkAAAAHAAAAAAAAAA8AAAAIAAAABQAAAAlfUURQUFVBS1UAAAAHAAAAAQAAAA8AAAAIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
87496
-
port_number
80
-
sc_process32
%windir%\syswow64\dllhost.exe -o enable
-
sc_process64
%windir%\sysnative\svchost.exe -k wksvc
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGktUK4DRD7aCXOsVH32pLB/ImDz/KNjrL+/OJ1V8AfM0UVT1k9j/zU1n3fLU/cAgjV6rXCD6OV3S84v9g3/Q3kbW5wBYveEUz4e898IkOUHcsQPBPMngAn2gJSf7beULieGk7TO53S7LztL69Df0d+3ob/Lg5L6ckP5STjDLXywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.191714816e+09
-
unknown2
AAAABAAAAAEAAAOhAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Build/rss20/OZ4GHPLCW
-
user_agent
Mozilla/5.1 (Windows NT 6.2; Win64; x64) AppleWebKit/537.363 (KHTML, like Gecko) Chrome/53.0.2785.1164 Safari/537.365
-
watermark
100000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\289c489a81d77bffc05d7c75c7a562426a8e27fe907b1edd99599079c0905e10.exe"C:\Users\Admin\AppData\Local\Temp\289c489a81d77bffc05d7c75c7a562426a8e27fe907b1edd99599079c0905e10.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2516-1-0x00000000006F0000-0x0000000000771000-memory.dmpFilesize
516KB
-
memory/2516-2-0x0000000004220000-0x0000000004620000-memory.dmpFilesize
4.0MB
-
memory/2516-3-0x000000013F0E0000-0x000000013F0F8000-memory.dmpFilesize
96KB
-
memory/2516-5-0x0000000004220000-0x0000000004620000-memory.dmpFilesize
4.0MB