Analysis
-
max time kernel
151s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system -
submitted
30-03-2024 18:20
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe
Resource
win10v2004-20240319-en
General
-
Target
SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe
-
Size
1.4MB
-
MD5
ce8e1592a4685f349136cb13c12e543f
-
SHA1
fbdccab7f53e063d53dc296c4f1eb7d236a97d46
-
SHA256
40516869f63341f2c9a760ac0faa823a11168fdc0067beef413cd6ed9e858f07
-
SHA512
f00b1d293abf8af9d5833e2b019884bfa9b0618db8172d55d0eb866dbce9f9ba0eecd0bedee0dbc45031abcc89e5ed141ee51f7dedd39f400726aeabb68cedc8
-
SSDEEP
24576:yse92KNwXkWxZiwdMeHRmXKNjhdAT2JSzrSQb92Jco0a:E2K8eexmyj/nCmwo0a
Malware Config
Extracted
cobaltstrike
http://112.124.64.105:7894/Pr8c
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALC)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Malware-gen.28363.11760.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2940 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4236-0-0x00000287C7ED0000-0x00000287C7ED1000-memory.dmpFilesize
4KB