Overview

overview

10

Static

static

3

d477d9fdfd...eb.exe

windows7-x64

1

d477d9fdfd...eb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d477d9fdfd2da88396a21f277c066635d34c6ed17c570b740364d7e04d3618eb.exe

  • Size

    19KB

  • MD5

    85ca4c24b93dde56321e62ce71aa8bb2

  • SHA1

    4eab75f775686e0bc73227158a1efa432aa462e9

  • SHA256

    d477d9fdfd2da88396a21f277c066635d34c6ed17c570b740364d7e04d3618eb

  • SHA512

    135775dab2dd24b345e33ac6a026e72d8b37b63a2f4156921c8995dd5e1cf2a8219571f29de4ded832d4d4cc8a6235449f962e797065ad6094ba1b622eb5aec6

  • SSDEEP

    384:gShgeVblV1rnScK6E6fRzt6uJwN4bjaXNCRSYWYMkW3U:gS5zffat4/RdWYnW3

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://43.142.193.86:80/sIp1

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUSMSE)

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\d477d9fdfd2da88396a21f277c066635d34c6ed17c570b740364d7e04d3618eb.exe
    "C:\Users\Admin\AppData\Local\Temp\d477d9fdfd2da88396a21f277c066635d34c6ed17c570b740364d7e04d3618eb.exe"
    1⤵
      PID:3628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3628-0-0x00007FF713E10000-0x00007FF713E18000-memory.dmp
      Filesize

      32KB

      Download
    • memory/3628-1-0x000002057CFF0000-0x000002057CFF2000-memory.dmp
      Filesize

      8KB

      Download