Analysis
-
max time kernel
148s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
24/02/2024, 11:33
Behavioral task
behavioral1
Sample
a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc.exe
Resource
win10v2004-20240221-en
General
-
Target
a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc.exe
-
Size
1.3MB
-
MD5
6d1b0b245568be91bfc80b292875c8f8
-
SHA1
ab25901a6eb93dbe2b8b1ceee826fcd5b188d4ca
-
SHA256
a4d396798c17a01d44562b94ed335697187e280b3fa09b36c0186c63311ef7bc
-
SHA512
01f7969eb09af0e632ccf3b99aa68a6fc1a49f44f2b1f1cf5753458d91282d212d21b9d2aeede1af8935184b67aecb4eebe64e50914825c9d4997d844b02c520
-
SSDEEP
24576:0/AxGXeC21+NZIQWyt6AoVg7yB0tYftEPcTRVDqnoGRsly:3ieCbfxtKnRVDZGRs
Malware Config
Extracted
cobaltstrike
http://192.168.137.3:80/frCB
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.