Analysis Overview
SHA256
afe861d42befce06ea892b03c43e09d7e5763a067f7888a8fc3e9a3ac39c3225
Threat Level: Known bad
The file afe861d42befce06ea892b03c43e09d7e5763a067f7888a8fc3e9a3ac39c3225 was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2023-12-30 11:19
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-30 11:19
Reported
2023-12-30 11:22
Platform
win7-20231215-en
Max time kernel
0s
Max time network
5s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\afe861d42befce06ea892b03c43e09d7e5763a067f7888a8fc3e9a3ac39c3225.exe
"C:\Users\Admin\AppData\Local\Temp\afe861d42befce06ea892b03c43e09d7e5763a067f7888a8fc3e9a3ac39c3225.exe"
Network
| Country | Destination | Domain | Proto |
| TW | 210.61.186.117:80 | | tcp |
Files
memory/2180-0-0x00000000003D0000-0x00000000003D1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-30 11:19
Reported
2023-12-30 11:22
Platform
win10v2004-20231222-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\afe861d42befce06ea892b03c43e09d7e5763a067f7888a8fc3e9a3ac39c3225.exe
"C:\Users\Admin\AppData\Local\Temp\afe861d42befce06ea892b03c43e09d7e5763a067f7888a8fc3e9a3ac39c3225.exe"
Network
| Country | Destination | Domain | Proto |
| TW | 210.61.186.117:80 | 210.61.186.117 | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.186.61.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.109.18.2.in-addr.arpa | udp |
| TW | 210.61.186.117:80 | | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| TW | 210.61.186.117:80 | 210.61.186.117 | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| TW | 210.61.186.117:80 | 210.61.186.117 | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 20.223.36.55:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 20.189.173.2:443 | | tcp |
| US | 192.229.221.95:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
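
The Network table above mixes the sample's own traffic with resolver queries, reverse (PTR) lookups and Microsoft hosts that a Windows 10 sandbox generates on its own. The script below is an added triage example, not part of the original report: it takes a subset of rows copied from the behavioral2 table, sets aside the assumed noise (the 8.8.8.8 resolver and `*.bing.com` / `*.bing.net` hosts, an assumption about this sandbox rather than something the report states), counts repeated TCP destinations, and reverses the PTR names so that the `117.186.61.210.in-addr.arpa` query can be matched back to the `210.61.186.117:80` endpoint the process contacted three times.

```python
"""Triage a sandbox Network table: separate repeated C2-like endpoints from sandbox noise.

Added example; the rows are copied from the behavioral2 Network table above, the
noise allowlist is an assumption about this sandbox, not a statement from the report.
"""
import ipaddress
import re
from collections import Counter

# Constructed input: a subset of the report's behavioral2 rows (country, destination, domain, proto).
ROWS = [
    ("TW", "210.61.186.117:80", "210.61.186.117", "tcp"),
    ("US", "8.8.8.8:53", "g.bing.com", "udp"),
    ("US", "204.79.197.200:443", "g.bing.com", "tcp"),
    ("US", "8.8.8.8:53", "117.186.61.210.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "194.178.17.96.in-addr.arpa", "udp"),
    ("TW", "210.61.186.117:80", "", "tcp"),
    ("TW", "210.61.186.117:80", "210.61.186.117", "tcp"),
    ("N/A", "52.142.223.178:80", "", "tcp"),
    ("US", "8.8.8.8:53", "tse1.mm.bing.net", "udp"),
    ("US", "204.79.197.200:443", "tse1.mm.bing.net", "tcp"),
    ("US", "192.229.221.95:80", "", "tcp"),
    ("US", "8.8.8.8:53", "", "udp"),
]

# Assumed noise for this sandbox: its DNS resolver and Microsoft telemetry hosts.
RESOLVER = "8.8.8.8:53"
NOISE_DOMAIN_SUFFIXES = (".bing.com", ".bing.net")
PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa$")


def ptr_to_ip(name):
    """Turn a PTR query name (octets reversed under in-addr.arpa) back into its IPv4, or None."""
    m = PTR_RE.match(name)
    if not m:
        return None
    return ".".join(reversed(m.groups()))


def triage(rows):
    """Split rows into candidate endpoints (counted), PTR lookups seen, and noise.

    ptr_hits is the set of contacted IPs that the sandbox also reverse-resolved; an
    endpoint that appears there and is contacted repeatedly is the first thing to block.
    """
    candidates = Counter()
    ptr_lookups = {}  # ip -> PTR name queried for it
    noise = []
    for _country, dest, domain, _proto in rows:
        if dest == RESOLVER:
            ip = ptr_to_ip(domain)
            if ip:
                ptr_lookups[ip] = domain
            noise.append((dest, domain))
            continue
        if domain.endswith(NOISE_DOMAIN_SUFFIXES):
            noise.append((dest, domain))
            continue
        host, _, _port = dest.rpartition(":")
        if not ipaddress.ip_address(host).is_global:  # drop private/link-local sandbox plumbing
            noise.append((dest, domain))
            continue
        candidates[dest] += 1
    contacted_ips = {d.rpartition(":")[0] for d in candidates}
    ptr_hits = contacted_ips & set(ptr_lookups)
    return {"candidates": candidates, "ptr_lookups": ptr_lookups,
            "ptr_hits": ptr_hits, "noise": noise}


def report(rows):
    """Human-readable summary of triage(), most-contacted endpoint first."""
    r = triage(rows)
    lines = []
    for dest, n in r["candidates"].most_common():
        flag = " (also reverse-resolved by sandbox)" if dest.rpartition(":")[0] in r["ptr_hits"] else ""
        lines.append(f"{dest}\tx{n}{flag}")
    lines.append(f"noise rows set aside: {len(r['noise'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(ROWS))
```

The single-occurrence destinations (52.142.223.178:80, 192.229.221.95:80) stay in the candidate list on purpose: the script does not know they are benign, and a practitioner should look them up rather than let an allowlist silently hide them. Only the repeated endpoint that the sandbox also reverse-resolved is flagged, which on this report is the 210.61.186.117:80 beacon destination.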
Files
memory/2984-0-0x0000000000910000-0x0000000000911000-memory.dmp
memory/2984-4-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2984-6-0x00000000041F0000-0x0000000004662000-memory.dmp
memory/2984-7-0x0000000003DF0000-0x00000000041F0000-memory.dmp
memory/2984-10-0x0000000003DF0000-0x00000000041F0000-memory.dmp