Analysis
max time kernel: 144s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-12-2023 09:06
Static task: static1
Behavioral task: behavioral1
  Sample: 140f87b73133e19c62e7e0eee83b56626ac435d9088bd2d3e0470fc16833c84a.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 140f87b73133e19c62e7e0eee83b56626ac435d9088bd2d3e0470fc16833c84a.exe
  Resource: win10v2004-20231215-en
General
Target: 140f87b73133e19c62e7e0eee83b56626ac435d9088bd2d3e0470fc16833c84a.exe
Size: 123KB
MD5: 811922eb2874f5d06e4c22fc6a4c7914
SHA1: 757a3cea1b474520ad9d1d42de9bd66bd8970934
SHA256: 140f87b73133e19c62e7e0eee83b56626ac435d9088bd2d3e0470fc16833c84a
SHA512: ea4bdac2834805cf79bcf818a5145fb03b1f3943ccd47f15dbfb10d71bfa4f2ed696f91e32a2d81d0a71895dc6dd3f252e29edc31df7b1e27561635d921f0138
SSDEEP: 3072:59I1Vl0GAXIGiQ6Mj8LN2NVf8qP1WTt6s:5KVl0GAXqMj8LNMUB6s
Malware Config
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Description                       PID   Process
  Token: SeManageVolumePrivilege    4436  svchost.exe
Processes
C:\Users\Admin\AppData\Local\Temp\140f87b73133e19c62e7e0eee83b56626ac435d9088bd2d3e0470fc16833c84a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\140f87b73133e19c62e7e0eee83b56626ac435d9088bd2d3e0470fc16833c84a.exe"
  PID: 4292
C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 4052
C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signature: Suspicious use of AdjustPrivilegeToken
  PID: 4436