Analysis
max time kernel: 142s
max time network: 141s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 15-04-2024 01:00
Static task: static1
Behavioral task: behavioral1
  Sample: 003b780abec3cf77df45838f40b0fa63602501499fce9fb980545003e4804c3e.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 003b780abec3cf77df45838f40b0fa63602501499fce9fb980545003e4804c3e.exe
  Resource: win10v2004-20240412-en
General
Target: 003b780abec3cf77df45838f40b0fa63602501499fce9fb980545003e4804c3e.exe
Size: 278KB
MD5: fb1eaeac9d731a6cf7a9613fb2ea6eac
SHA1: 8db7b75b0e1015cd0e00a6295c580623b0693ef3
SHA256: 003b780abec3cf77df45838f40b0fa63602501499fce9fb980545003e4804c3e
SHA512: 2f65b5baa2afd0ccb1468959ae75aa2aad71ecf90089fbaa24f9dc4d488ee6566d32a3139697268509d18a89103b521c8306ff26097193a732ed055a48efb5bb
SSDEEP: 6144:0R+fWsVZOq6kS8olP10luBnmyJJ2TrpAXiFxkmF1:0KdVZOJkS8auuBmyorpASFTF
Malware Config
Extracted: cobaltstrike
1234567890
http://42.194.199.231:7443/cx
access_type: 512
beacon_type: 2048
host: 42.194.199.231,/cx
http_header1
AAAABwAAAAAAAAADAAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyN9Q7AxLN/Mj4DpfzcbKYdBhdGUohO1/O/Z5olu9KVSU4IBVQqMcgIvOptt6oJzP7Ow9zcmWfXAToLyUAKtZCrNmzZaQj5L2J61g0F6tJ9Ns2pLSYOVg0HsAsmdqIcg8w2nvqn2CgfuMTd7J+DHKRIGl3Nt0aHUL7+lF7b+EzzwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4096
unknown2:
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /submit.php
user_agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP02)
watermark: 1234567890
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Detects Reflective DLL injection artifacts (3 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/2292-0-0x0000000000360000-0x0000000000394000-memory.dmp | INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/memory/2292-1-0x00000000003A0000-0x00000000003DE000-memory.dmp | INDICATOR_SUSPICIOUS_ReflectiveLoader
behavioral1/memory/2292-4-0x00000000003A0000-0x00000000003DE000-memory.dmp | INDICATOR_SUSPICIOUS_ReflectiveLoader
Downloads
memory/2292-0-0x0000000000360000-0x0000000000394000-memory.dmp (Filesize: 208KB)
memory/2292-1-0x00000000003A0000-0x00000000003DE000-memory.dmp (Filesize: 248KB)
memory/2292-2-0x0000000000400000-0x000000000044B000-memory.dmp (Filesize: 300KB)
memory/2292-4-0x00000000003A0000-0x00000000003DE000-memory.dmp (Filesize: 248KB)