Analysis
max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
25/02/2024, 07:42
Static task
static1
Behavioral task
behavioral1
Sample
5b0e7a52c5e5e1938f8ca199ccc9bf7708925188437f746bb04eac0d56bda111.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5b0e7a52c5e5e1938f8ca199ccc9bf7708925188437f746bb04eac0d56bda111.exe
Resource
win10v2004-20240221-en
General
Target
5b0e7a52c5e5e1938f8ca199ccc9bf7708925188437f746bb04eac0d56bda111.exe
Size
1.3MB
MD5
81c156079259b740236be35221795d07
SHA1
971873c3f73025d46213d758b23b9c6bd89cde70
SHA256
5b0e7a52c5e5e1938f8ca199ccc9bf7708925188437f746bb04eac0d56bda111
SHA512
faf42f342f9506f74f95c503d110d48b1bcef0f2aa9866dfa16a95bc5c6ca10f5ceb8c098413e636969d7aa255ab23cb808a09f767dc671996c8e25653fbad42
SSDEEP
24576:f4NzJy8XnK8LgviXKFG7F4R3S+vjIIzHU/9UIhUBMG:fuM8XK8cvvjx0ThUBM
Malware Config
Extracted
cobaltstrike
http://192.168.137.3:80/frCB
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727)
Signatures
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.