Overview

overview

10

Static

static

1

b6c8e7a7a7...cc.exe

windows7-x64

10

b6c8e7a7a7...cc.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 06:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe

  • Size

    1.7MB

  • MD5

    50a84ae8f38182fd591e9d3b4e7e11af

  • SHA1

    065bdc2127baf8befdb32254656bd45fedb44558

  • SHA256

    b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc

  • SHA512

    bbf255b4af5dad8540847ff290052401fa93e9d6e7e4a4b2abfb1862ab7d922720e6a963e92070c923f38feb159b9c4a04b401eba2d4bf0bb13cf4aa5616423a

  • SSDEEP

    3072:Wb5410JzEiHRTmON0xmBl6+Trlnd3Q/eOGjq5BoNgQEoCldTgqlrftEXI+J/yTpZ:W0

Score
10/10
cobaltstrike100000backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

100000

C2

http://service-mph8ibgh-1309275416.sh.apigw.tencentcs.com:80/api/x

Attributes
  • access_type

    512

  • host

    service-mph8ibgh-1309275416.sh.apigw.tencentcs.com,/api/x

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • jitter

    5120

  • polling_time

    2000

  • port_number

    80

  • sc_process32

    %windir%\syswow64\WerFault.exe

  • sc_process64

    %windir%\sysnative\WerFault.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcVn/Q1SFs8Ez3qpSw7HyCwZiGhfB0U4kaa+1QVehZQy62WbutdsfQ0+ucTt66SPOSbI192ts2jp0oHkI1lRpdPunUCA+8fFXuNdCb/ZsbA5bRQZhZHTQE9gwGgF4ieb6elCAW3WaUH34pVeB4bE0PVUC/4DF//A6AJQRdhCOX1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    1.481970944e+09

  • unknown2

    AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /api/y

  • user_agent

    Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.1)

  • watermark

    100000

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe
    "C:\Users\Admin\AppData\Local\Temp\b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe"
    1⤵
      PID:3376
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3772 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2144

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3376-0-0x0000000000170000-0x0000000000326000-memory.dmp
        Filesize

        1.7MB

        Download
      • memory/3376-1-0x00007FFA05B20000-0x00007FFA065E1000-memory.dmp
        Filesize

        10.8MB

        Download
      • memory/3376-2-0x000000001B0F0000-0x000000001B100000-memory.dmp
        Filesize

        64KB

        Download
      • memory/3376-4-0x0000000002390000-0x00000000023D1000-memory.dmp
        Filesize

        260KB

        Download
      • memory/3376-3-0x0000000002500000-0x000000000254F000-memory.dmp
        Filesize

        316KB

        Download
      • memory/3376-5-0x00007FFA05B20000-0x00007FFA065E1000-memory.dmp
        Filesize

        10.8MB

        Download
      • memory/3376-6-0x000000001B0F0000-0x000000001B100000-memory.dmp
        Filesize

        64KB

        Download
      • memory/3376-7-0x0000000002390000-0x00000000023D1000-memory.dmp
        Filesize

        260KB

        Download