Overview

overview

10

Static

static

3

710a147b66...2c.exe

windows7-x64

10

710a147b66...2c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 08:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c.exe

  • Size

    2.9MB

  • MD5

    371013004448f8ebbac1f1716aa8fd92

  • SHA1

    b316ac6f367fc411efdc309a6c027cad884110f5

  • SHA256

    710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c

  • SHA512

    3c71642d3be6981dba4893678719c2111c0ae8c3a6ef8e204b53478fd500ea525a3c19393d5c3601bc0f70b57a2575f33e1e79911eb856a511146052c77a2903

  • SSDEEP

    49152:BGtlq24VwASOM4IU6iDRq2h8Ti6fHXryLjsoc9CjC4J8ugJU1mPt0D44t:EH+1q5NIj1J8NS1JD

Score
10/10
cobaltstrike426352781backdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://d2ss5ijh3h76v2.cloudfront.net:443/async/Newtab_promos

Attributes
  • user_agent

    Sec-Fetch-Site: none Sec-Fetch-Dest: empty Accept-Language: en-US,en;q=0.5 Host: d2ss5ijh3h76v2.cloudfront.net User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36

Extracted

Family

cobaltstrike

Botnet

426352781

C2

http://d2ss5ijh3h76v2.cloudfront.net:443/access/

Attributes
  • access_type

    512

  • beacon_type

    2048

  • host

    d2ss5ijh3h76v2.cloudfront.net,/access/

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAeR2V0Q29udGVudEZlYXR1cmVzLkRMTkEuT1JHOiAxAAAAEAAAACNIb3N0OiBkMnNzNWlqaDNoNzZ2Mi5jbG91ZGZyb250Lm5ldAAAAAoAAABIQ29va2llOiAgX191dG1hPTk0MjI5MjA4OC43NDY0OTQ1MTk1LjIzOTUwMzQ5MTEuNTgwNzA3MzcwNy4yMzMzMzI0MjU3LjA7AAAACQAAAAl2ZXJzaW9uPTQAAAAJAAAADmxpZD0yNTgyMjA1MzUxAAAABwAAAAAAAAAIAAAABQAAAAV0b2tlbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAI0hvc3Q6IGQyc3M1aWpoM2g3NnYyLmNsb3VkZnJvbnQubmV0AAAABwAAAAAAAAAFAAAAA3JpZAAAAAkAAAAObGlkPTE5MzA0NDUxNDYAAAAJAAAAH21ldGhvZD1nZXRTZWFyY2hSZWNvbW1lbmRhdGlvbnMAAAAHAAAAAQAAAAMAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

  • http_method1

    GET

  • http_method2

    POST

  • polling_time

    900

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBMLynlrtLB5yeViLbEg+jTpowwBiXeAGsVgAirB0HdEgkew3+CTIfNgjczVRHvRPBFKFbWlOBm6oEwrohSWUKdvbkabxbKqqxYwCErVQ0/CCI/Q9co2NghfdzU0fKtjRWDo+lgYkQ8ZNf5AgNHoKatS2zorGp7T/fqCjgtivHbwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    7.382016e+08

  • unknown2

    AAAABAAAAAIAAAAQAAAAAgAAABAAAAACAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /radio/xmlrpc/v35

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36

  • watermark

    426352781

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c.exe
    "C:\Users\Admin\AppData\Local\Temp\710a147b66554a5a9658aecbd310f62b5394c4c4e2f3f89d4c0613a57accb22c.exe"
    1⤵
      PID:208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5248 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3988

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/208-0-0x0000016D946E0000-0x0000016D946E1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/208-1-0x0000016D963A0000-0x0000016D967A0000-memory.dmp
        Filesize

        4.0MB

        Download
      • memory/208-2-0x0000016D967A0000-0x0000016D967EE000-memory.dmp
        Filesize

        312KB

        Download
      • memory/208-3-0x0000016D967A0000-0x0000016D967EE000-memory.dmp
        Filesize

        312KB

        Download