Analysis
-
max time kernel
261s -
max time network
268s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
12-02-2024 18:03
Behavioral task
behavioral1
Sample
Archive.zip
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Archive.zip
Resource
win10v2004-20231215-en
General
-
Target
Archive.zip
-
Size
6.6MB
-
MD5
907eddd8b49c9626bebb19d4f1134f3a
-
SHA1
1ff699fa997b2d1664d321de2c463c77fc980eda
-
SHA256
300fb853b15b9ad39e3f5dced1526e6715b7161296288dd04dfdc17c005daa62
-
SHA512
b7f3305c36f01ff0bf2d9190ca1394276dcbd5bda9421d1b22dafd56785f5744e65bbcc43d2cc5e9356d216ab4e5e063d1d41a5b4b689f66079fadcd8b917b54
-
SSDEEP
196608:oUTTwkTYare8Dehfc1liwHFQnvvQgkBo11E:ocvMaXgE1liwyvYgksE
Malware Config
Extracted
cobaltstrike
http://192.168.1.6:8080/UAoX
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Archive.zip1⤵PID:2360
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2252
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Archive.zip\Lopo\payload.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Archive.zip\Lopo\payload.exe"1⤵PID:2276