Analysis
- max time kernel: 33s
- max time network: 38s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
- submitted: 29-03-2024 11:42
- Static task: static1
- Behavioral task: behavioral1 (Sample: C618.tmp.dll, Resource: win7-20240221-en)
- Behavioral task: behavioral2 (Sample: C618.tmp.dll, Resource: win10v2004-20240226-en)
General
- Target: C618.tmp.dll
- Size: 292KB
- MD5: 9abf8579ed3b6e5d3d43b408509a53db
- SHA1: 63ee039a478e23a505bc889cc74e7693ebe51891
- SHA256: cc74f7e82eb33a14ffdea343a8975d8a81be151ffcb753cb3f3be10242c8a252
- SHA512: 878add89cc7fc1d88f66c0704a66c202191382e4206e6e156f5bf0205d9b136d341c38686dc7d4a36615cfc45937841b30bcbc1b1036084bcce2e8501c6903ce
- SSDEEP: 6144:lV9H07z+CLXF0AYlHsGSD5E4Ck2oh66/px:lzHqtLyAtG0Ck2ozv
Malware Config
Extracted
- cobaltstrike: http://217.12.218.46:80/YPbR
- user_agent: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Signatures
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
- Blocklisted process makes network request (31 IoCs)
  Processes: rundll32.exe
  flow  pid   process
  13    3504  rundll32.exe
  15    3504  rundll32.exe
  16    3504  rundll32.exe
  17    3504  rundll32.exe
  18    3504  rundll32.exe
  19    3504  rundll32.exe
  20    3504  rundll32.exe
  21    3504  rundll32.exe
  22    3504  rundll32.exe
  23    3504  rundll32.exe
  24    3504  rundll32.exe
  25    3504  rundll32.exe
  26    3504  rundll32.exe
  27    3504  rundll32.exe
  28    3504  rundll32.exe
  29    3504  rundll32.exe
  30    3504  rundll32.exe
  31    3504  rundll32.exe
  32    3504  rundll32.exe
  33    3504  rundll32.exe
  35    3504  rundll32.exe
  36    3504  rundll32.exe
  37    3504  rundll32.exe
  38    3504  rundll32.exe
  39    3504  rundll32.exe
  40    3504  rundll32.exe
  41    3504  rundll32.exe
  42    3504  rundll32.exe
  43    3504  rundll32.exe
  44    3504  rundll32.exe
  45    3504  rundll32.exe
Downloads
- memory/3504-0-0x000001C8AA9E0000-0x000001C8AA9E1000-memory.dmp (Filesize: 4KB)