Analysis Overview
SHA256
b7a38c9378a5800c0b018eb05a63904d2c05baa1e9433bf33e53ecc01dfb11c3
Threat Level: Known bad
The file beacon.exe was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-08 00:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-08 00:34
Reported
2024-05-08 00:37
Platform
win7-20240221-en
Max time kernel
140s
Max time network
127s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\beacon.exe
"C:\Users\Admin\AppData\Local\Temp\beacon.exe"
Network
| Country | Destination | Domain | Proto |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp | |
| SG | 8.219.177.40:1443 | tcp |
Files
memory/1984-0-0x00000000000E0000-0x0000000000121000-memory.dmp
memory/1984-2-0x00000000770D2000-0x00000000770D3000-memory.dmp
memory/1984-1-0x0000000000B30000-0x0000000000FA2000-memory.dmp
memory/1984-4-0x00000000770B0000-0x00000000771CF000-memory.dmp
memory/1984-5-0x000000013F330000-0x000000013F391000-memory.dmp
memory/1984-7-0x00000000770D2000-0x00000000770D3000-memory.dmp
memory/1984-9-0x00000000770B0000-0x00000000771CF000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-08 00:34
Reported
2024-05-08 00:37
Platform
win10v2004-20240419-en
Max time kernel
140s
Max time network
122s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\beacon.exe
"C:\Users\Admin\AppData\Local\Temp\beacon.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| SG | 8.219.177.40:1443 | tcp | |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| SG | 8.219.177.40:1443 | tcp | |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.15.97.104.in-addr.arpa | udp |
| SG | 8.219.177.40:1443 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| SG | 8.219.177.40:1443 | tcp |
Files
memory/4568-0-0x0000028F3E0F0000-0x0000028F3E131000-memory.dmp
memory/4568-2-0x0000028F3E350000-0x0000028F3E7C2000-memory.dmp
memory/4568-4-0x00007FF621AC0000-0x00007FF621B21000-memory.dmp