Behavioral task
behavioral1
Sample
2912-1-0x00000000005A0000-0x00000000005DD000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2912-1-0x00000000005A0000-0x00000000005DD000-memory.dll
Resource
win10v2004-20240226-en
General
-
Target
2912-1-0x00000000005A0000-0x00000000005DD000-memory.dmp
-
Size
244KB
-
MD5
b922644e6973f6206e7b346d030e6e3f
-
SHA1
027629eb931b2f6dd254b867a33fb662d7fce7db
-
SHA256
942af170bc9c5ff803cf0c22f07eb5e911a0845812bec87243891678ad1a4f10
-
SHA512
2ae49fc62cdb0d8594a6dc616fc4fec3a48ea3e2d1e3ae5b53b7351a75feef28628137481f644c705c4e9338d54d76b69ddc5b1e2325d2f07d77b1d540a304c3
-
SSDEEP
3072:SX0b/Ef92TCCfKzIOYuwzi4Hrve7Iz2NsLBV19j1UU5Lyz:nEfHCyCuGi4LvJzLBRj
Malware Config
Signatures
-
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
resource yara_rule sample cobalt_reflective_dll -
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2912-1-0x00000000005A0000-0x00000000005DD000-memory.dmp
Files
-
2912-1-0x00000000005A0000-0x00000000005DD000-memory.dmp.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ