Overview

overview

3

Static

static

3

COCKTA~1.exe

windows7-x64

1

COCKTA~1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    56s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/04/2024, 10:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    COCKTA~1.exe

  • Size

    570KB

  • MD5

    706bf659bc3470be42613799580e036e

  • SHA1

    1e84f53882e3fa8563b9ed4ad63bd98a31efe9ce

  • SHA256

    c88df8c97951601cf7fdbe9d81ca0d9f64a0022b03dfd44d50795375d8a1980f

  • SHA512

    cc494cc196ea48e401cc9095c2a6959b15f689366c44cf584a4c359a9d341dbc97935caf9feeb682d84ccbe4a4555757d697966344b73237434eab7e610f5d58

  • SSDEEP

    3072:JLarXJo8tA5egsi5ivZMJyFtfIKwAbf0T5OyQRmss7e6NWZZndH6lYZc:gAiCozIlAbs0yQR07fUZNdh

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\COCKTA~1.exe
    "C:\Users\Admin\AppData\Local\Temp\COCKTA~1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3772
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 1008
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:1232

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3772-0-0x00007FFC94AB0000-0x00007FFC95451000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/3772-1-0x000000001BC80000-0x000000001C14E000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3772-2-0x000000001C1F0000-0x000000001C28C000-memory.dmp

          Filesize

          624KB

          Download

        • memory/3772-3-0x00007FFC94AB0000-0x00007FFC95451000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/3772-4-0x00000000011E0000-0x00000000011F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3772-5-0x0000000001150000-0x0000000001158000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3772-6-0x00000000011E0000-0x00000000011F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3772-13-0x00007FFC94AB0000-0x00007FFC95451000-memory.dmp

          Filesize

          9.6MB

          Download