Analysis
-
max time kernel
148s
-
max time network
151s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240226-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted
09-03-2024 06:57
Static task
static1
Behavioral task
behavioral1
Sample
b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe
Resource
win10v2004-20240226-en
General
-
Target
b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe
-
Size
1.7MB
-
MD5
50a84ae8f38182fd591e9d3b4e7e11af
-
SHA1
065bdc2127baf8befdb32254656bd45fedb44558
-
SHA256
b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc
-
SHA512
bbf255b4af5dad8540847ff290052401fa93e9d6e7e4a4b2abfb1862ab7d922720e6a963e92070c923f38feb159b9c4a04b401eba2d4bf0bb13cf4aa5616423a
-
SSDEEP
3072:Wb5410JzEiHRTmON0xmBl6+Trlnd3Q/eOGjq5BoNgQEoCldTgqlrftEXI+J/yTpZ:W0
Malware Config
Extracted
cobaltstrike
100000
http://service-mph8ibgh-1309275416.sh.apigw.tencentcs.com:80/api/x
-
access_type
512
-
host
service-mph8ibgh-1309275416.sh.apigw.tencentcs.com,/api/x
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAKU0VTU0lPTklEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAcAAAAAAAAAAwAAAAIAAAAJSlNFU1NJT049AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-
http_method1
GET
-
http_method2
POST
-
jitter
5120
-
polling_time
2000
-
port_number
80
-
sc_process32
%windir%\syswow64\WerFault.exe
-
sc_process64
%windir%\sysnative\WerFault.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcVn/Q1SFs8Ez3qpSw7HyCwZiGhfB0U4kaa+1QVehZQy62WbutdsfQ0+ucTt66SPOSbI192ts2jp0oHkI1lRpdPunUCA+8fFXuNdCb/ZsbA5bRQZhZHTQE9gwGgF4ieb6elCAW3WaUH34pVeB4bE0PVUC/4DF//A6AJQRdhCOX1QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
1.481970944e+09
-
unknown2
AAAABAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/api/y
-
user_agent
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.1)
-
watermark
100000
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe
"C:\Users\Admin\AppData\Local\Temp\b6c8e7a7a7ec15611fea00f4f4fed25e0e9bbcf040db0766a4d9cf1c563d38cc.exe"
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3772 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3376-0-0x0000000000170000-0x0000000000326000-memory.dmp
Filesize
1.7MB
-
memory/3376-1-0x00007FFA05B20000-0x00007FFA065E1000-memory.dmp
Filesize
10.8MB
-
memory/3376-2-0x000000001B0F0000-0x000000001B100000-memory.dmp
Filesize
64KB
-
memory/3376-4-0x0000000002390000-0x00000000023D1000-memory.dmp
Filesize
260KB
-
memory/3376-3-0x0000000002500000-0x000000000254F000-memory.dmp
Filesize
316KB
-
memory/3376-5-0x00007FFA05B20000-0x00007FFA065E1000-memory.dmp
Filesize
10.8MB
-
memory/3376-6-0x000000001B0F0000-0x000000001B100000-memory.dmp
Filesize
64KB
-
memory/3376-7-0x0000000002390000-0x00000000023D1000-memory.dmp
Filesize
260KB