Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
26-02-2024 00:11
General
-
Target
COBALT.pcap
-
Size
12.9MB
-
MD5
3f528a55175df8f7003e49ba7fc780a8
-
SHA1
3c9795880b096443342885808e68f601dbbc313b
-
SHA256
c9fae6f26f96670a35f31281a143ba78e5381506ad5361dfa65992c6ca0ae990
-
SHA512
0fb9f0a974c5ce39a8f5a6ec2559110950529d516a5215f464158711c678549e85774a4a641a8423e66ca0fc0d4829bfce221db912b6ad62e1418600a842e830
-
SSDEEP
196608:GZbgakpKeX5UdqYQd8XF0JY0EMv7aDMeDQLDSvT/2R:WgPxEMTaDaq2
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\COBALT.pcap1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\COBALT.pcap2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\COBALT.pcap"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5e1afb3a69303e9fdd7a64a0728fec728
SHA1c08da27e67d89311ca31d3820da0d8568f2a86bb
SHA256ee54950081ec25929a293e24bb1005de01bb9f71312b764cf0db583edcbd5854
SHA5121a8e7dc535e941662a45ffe7d969575237c2c433919a253261bb7a2560aa8704f0b2c67ac5d43053bf620232b550ce73d551bd091ccf92f31c3baef43ceb50cc