Analysis
-
max time kernel
147s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
29-03-2024 03:59
Static task
static1
Behavioral task
behavioral1
Sample
e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb.exe
Resource
win10v2004-20240226-en
General
-
Target
e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb.exe
-
Size
1.2MB
-
MD5
4569d44619999534292022c394544883
-
SHA1
da567ba03082cfb39cee54d6c88642c0a8494312
-
SHA256
e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb
-
SHA512
566558ddbf3fa174484e718fd7dbc1169a67ed72ae7b2a344c58d97d770b1699875e9d1b87fb02b8393bd533f699fa2f13c6a09eb7da3cbf7013bfe28a608ed6
-
SSDEEP
24576:PXPdvxvoheB12Fm7vv6eRh7Cb4x89Zrj81:HjvoheB12FSD7C01
Malware Config
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb.exe
pid process
2932 e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb.exe
2932 e41d6c30c305bb8c698b89d7a278af2e2252f2a8eae899ce87b182a594ff9dfb.exe
Downloads
-
memory/2932-0-0x00007FFAF8610000-0x00007FFAF8620000-memory.dmp
Filesize
64KB
-
memory/2932-1-0x00000000010D0000-0x0000000001111000-memory.dmp
Filesize
260KB
-
memory/2932-2-0x00000000010D0000-0x0000000001111000-memory.dmp
Filesize
260KB
-
memory/2932-3-0x0000000001460000-0x0000000001A7D000-memory.dmp
Filesize
6.1MB
-
memory/2932-4-0x00000000010D0000-0x0000000001111000-memory.dmp
Filesize
260KB
-
memory/2932-5-0x0000000001460000-0x0000000001A7D000-memory.dmp
Filesize
6.1MB