Analysis

  • max time kernel
    92s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-04-2024 10:38

General

  • Target

    f7d21d2b5c00f1c0abcc086800ff08db_JaffaCakes118.dll

  • Size

    1.5MB

  • MD5

    f7d21d2b5c00f1c0abcc086800ff08db

  • SHA1

    9f9c47dfedf5b0e8ba1ce61e33cebd94e899e25f

  • SHA256

    851e687f9a39e18a67df78a10aeea4525718b6676a29161857dfe58157c8790c

  • SHA512

    c48baf5d8f5801fef270e22cfed881fa73373068850df618d9c9e74a1274e77c98658162f62417fb427d9a52bf26b58b1823249e3fd4eb1bae42c37736dfd379

  • SSDEEP

    24576:NCRMBSOiv0TSbDCPnu1u1ZEhQbkZ7T6Sx:HBSrsSbGPnu13owT

Malware Config

Extracted

Family

cobaltstrike

C2

http://iweb-tech.com:443/files/cr.ico

Attributes
  • user_agent (raw request headers as extracted from the beacon configuration)

    Host: iweb-tech.com
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One X10 Build/MRA58K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • Blocklisted process makes network request (5 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7d21d2b5c00f1c0abcc086800ff08db_JaffaCakes118.dll,#1
    PID: 1264
    • Blocklisted process makes network request

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1264-8-0x000001C82B150000-0x000001C82B550000-memory.dmp
    Filesize: 4.0MB

  • memory/1264-9-0x00007FFAB6260000-0x00007FFAB6432000-memory.dmp
    Filesize: 1.8MB