Behavioral task
behavioral1
Sample
2968-12-0x00000000054C0000-0x0000000005501000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2968-12-0x00000000054C0000-0x0000000005501000-memory.dll
Resource
win10v2004-20240412-en
General
-
Target
2968-12-0x00000000054C0000-0x0000000005501000-memory.dmp
-
Size
260KB
-
MD5
4d09b4964269ac11780c530783aaa155
-
SHA1
96a805afbf1294e909451d4d4ccbf6c9ca88e41e
-
SHA256
38dc89dad1485a7865f56642a8acbcf176b2dba8bd5fecdf8f3ced239e1d770b
-
SHA512
f3983e1ef02469244246a766b1b3c359d6d08849c0b23a53721243ecfabc586218bed874e03d7a8754e73a0ec37bcab14b02edd272b25136088b695b938bf330
-
SSDEEP
3072:NY2vCzrLSp6ard/I8IWkFxwcFHzchZ2CEmAe9JXD1jRUT5o7GBS:C20GJrdA8I7hFTqRP9JXpjO
Malware Config
Signatures
-
Cobalt Strike reflective loader 1 IoCs
Detects the reflective loader used by Cobalt Strike.
Processes:
resource yara_rule sample cobalt_reflective_dll -
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2968-12-0x00000000054C0000-0x0000000005501000-memory.dmp
Files
-
2968-12-0x00000000054C0000-0x0000000005501000-memory.dmp.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ