Analysis
-
max time kernel
141s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system -
submitted
30-11-2023 22:01
Static task
static1
Behavioral task
behavioral1
Sample
9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf.exe
Resource
win10v2004-20231127-en
General
-
Target
9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf.exe
-
Size
66KB
-
MD5
b230d3f6163541cd6d7a37b81b5ce767
-
SHA1
c59c878e036c9c9815699b3c4c013d9270916f87
-
SHA256
9ae4e8b799150be655cbabbc33a499fc8ea3ae198c1f27a657fab595b3b91bdf
-
SHA512
c67e091636be63764796e3cc1adf99a91025f2dfed20979eb28aae254ba4057222dad8da32305170ae67161530df7bf30f050526d2e1f3edfae3cf3ce007d280
-
SSDEEP
1536:07JZ1xBxtV6Ta7yXN0ZRvuI2n3V6b1DcfW:IZnDj6Ther0ib
Malware Config
Extracted
cobaltstrike
100000
http://192.124.176.11:80/Detect/remove/90J6CLSKNII
-
access_type
512
-
host
192.124.176.11,/Detect/remove/90J6CLSKNII
-
http_header1
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
-
http_header2
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
-
http_method1
GET
-
http_method2
POST
-
jitter
11008
-
polling_time
87496
-
port_number
80
-
sc_process32
%windir%\syswow64\dllhost.exe -o enable
-
sc_process64
%windir%\sysnative\svchost.exe -k wksvc
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGktUK4DRD7aCXOsVH32pLB/ImDz/KNjrL+/OJ1V8AfM0UVT1k9j/zU1n3fLU/cAgjV6rXCD6OV3S84v9g3/Q3kbW5wBYveEUz4e898IkOUHcsQPBPMngAn2gJSf7beULieGk7TO53S7LztL69Df0d+3ob/Lg5L6ckP5STjDLXywIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.191714816e+09
-
unknown2
AAAABAAAAAEAAAOhAAAAAgAABJ4AAAALAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/Build/rss20/OZ4GHPLCW
-
user_agent
Mozilla/5.1 (Windows NT 6.2; Win64; x64) AppleWebKit/537.363 (KHTML, like Gecko) Chrome/53.0.2785.1164 Safari/537.365
-
watermark
100000
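The extracted fields above are enough to sanity-check the extraction and to turn the config into detection artifacts. The Python below is an added example written for this page, not part of the sandbox report or of any extractor; the BEACON_CONFIG dictionary is constructed here from the Malware Config values listed above. It decodes the state_machine field, which is a DER-encoded SubjectPublicKeyInfo (the RSA public key a beacon uses to encrypt its session metadata to the team server; the report's label state_machine is kept as-is), checks that it is a 1024-bit RSA key with the usual zero-filled trailer, derives the GET/POST C2 URLs, and emits a Suricata rule for the GET channel. The spawnto_x86/spawnto_x64 names given to sc_process32/sc_process64 and the rule's sid are this example's own choices.

```python
import base64
import re

# Beacon config as listed in this report's Malware Config section; this dict is
# constructed for the example (field names are the report's, values copied verbatim).
BEACON_CONFIG = {
    "watermark": "100000",
    "host": "192.124.176.11,/Detect/remove/90J6CLSKNII",
    "port_number": "80",
    "http_method1": "GET",
    "http_method2": "POST",
    "uri": "/Build/rss20/OZ4GHPLCW",
    "user_agent": ("Mozilla/5.1 (Windows NT 6.2; Win64; x64) AppleWebKit/537.363 "
                   "(KHTML, like Gecko) Chrome/53.0.2785.1164 Safari/537.365"),
    "sc_process32": r"%windir%\syswow64\dllhost.exe -o enable",
    "sc_process64": r"%windir%\sysnative\svchost.exe -k wksvc",
    "state_machine": (
        "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGktUK4DRD7aCXOsVH32pLB/ImDz/KNjrL+/OJ1V8A"
        "fM0UVT1k9j/zU1n3fLU/cAgjV6rXCD6OV3S84v9g3/Q3kbW5wBYveEUz4e898IkOUHcsQPBPMngAn2gJ"
        "Sf7beULieGk7TO53S7LztL69Df0d+3ob/Lg5L6ckP5STjDLXywIDAQABAAAAAAAAAAAAAAAAAAAAAAAA"
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        "AAAAAAAAAAAAAAAAAAAAAA=="),
}

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def _der(buf, pos=0):
    """Read one DER TLV starting at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _b64_lenient(s):
    """Decode base64 copied from a report page, tolerating lost or extra '=' padding."""
    s = re.sub(r"[^A-Za-z0-9+/]", "", s)
    if len(s) % 4 == 1:
        s = s[:-1]                         # a lone trailing sextet can never be valid
    return base64.b64decode(s + "=" * (-len(s) % 4))


def parse_beacon_public_key(b64):
    """Parse the config's public-key field as an RSA SubjectPublicKeyInfo."""
    blob = _b64_lenient(b64)
    tag, spki, end = _der(blob)            # SubjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("field does not start with a DER SEQUENCE")
    _, alg, p = _der(spki)                 # AlgorithmIdentifier ::= SEQUENCE
    _, oid, _ = _der(alg)                  # OBJECT IDENTIFIER (rsaEncryption expected)
    _, bits, _ = _der(spki, p)             # BIT STRING; first byte = unused-bit count
    _, rsa, _ = _der(bits[1:])             # RSAPublicKey ::= SEQUENCE
    _, n_bytes, p = _der(rsa)              # INTEGER modulus
    _, e_bytes, _ = _der(rsa, p)           # INTEGER publicExponent
    return {
        "algorithm_is_rsa": oid == RSA_ENCRYPTION_OID,
        "modulus_bits": int.from_bytes(n_bytes, "big").bit_length(),
        "exponent": int.from_bytes(e_bytes, "big"),
        "der_length": end,                 # bytes actually used by the key
        "field_length": len(blob),         # bytes in the config field
        "trailer_all_zero": not any(blob[end:]),  # fixed-size field, zero padded
    }


def beacon_iocs(cfg):
    """Derive host and network IOCs from the extracted fields."""
    host, get_uri = cfg["host"].split(",", 1)
    port = cfg["port_number"]
    return {
        "c2_get": f"{cfg['http_method1']} http://{host}:{port}{get_uri}",
        "c2_post": f"{cfg['http_method2']} http://{host}:{port}{cfg['uri']}",
        "user_agent": cfg["user_agent"],
        "spawnto_x86": cfg["sc_process32"],   # example's name for sc_process32
        "spawnto_x64": cfg["sc_process64"],   # example's name for sc_process64
        "watermark": int(cfg["watermark"]),
    }


def _suricata_content(s):
    """Escape a literal for a Suricata content: match (; " \\ and | are reserved)."""
    return (s.replace("\\", "\\\\").replace('"', '\\"')
             .replace(";", "\\;").replace("|", "|7C|"))


def suricata_rule(cfg, sid):
    """Rule for the beacon's GET channel; sid is chosen by the caller."""
    host, get_uri = cfg["host"].split(",", 1)
    return (
        f'alert http $HOME_NET any -> {host} {cfg["port_number"]} '
        f'(msg:"Cobalt Strike beacon GET, watermark {cfg["watermark"]}"; '
        f'flow:established,to_server; '
        f'http.method; content:"{cfg["http_method1"]}"; '
        f'http.uri; content:"{_suricata_content(get_uri)}"; '
        f'http.user_agent; content:"{_suricata_content(cfg["user_agent"])}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    print(parse_beacon_public_key(BEACON_CONFIG["state_machine"]))
    for k, v in beacon_iocs(BEACON_CONFIG).items():
        print(f"{k}: {v}")
    print(suricata_rule(BEACON_CONFIG, 1000001))
```

Two caveats when using these values. A genuine Chrome user agent reads Mozilla/5.0 ... AppleWebKit/537.36 ... Safari/537.36; this config appends an extra digit to each of those tokens, so an exact match on the user agent is high fidelity for this build, while a detection keyed on the Mozilla/5.0 prefix would miss it. The jitter value 11008 is not a percentage in the 0-99 range that Cobalt Strike's sleep jitter setting uses, so derive sleep bounds from the extracted timing fields with care.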
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3036-1-0x0000000000880000-0x0000000000901000-memory.dmp
Filesize
516KB
-
memory/3036-2-0x0000000004BE0000-0x0000000004FE0000-memory.dmp
Filesize
4.0MB
-
memory/3036-3-0x000000013FA70000-0x000000013FA88000-memory.dmp
Filesize
96KB
-
memory/3036-5-0x0000000004BE0000-0x0000000004FE0000-memory.dmp
Filesize
4.0MB