Overview

overview

10

Static

static

3

ff55424fd0...cs.exe

windows7-x64

10

ff55424fd0...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 17:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff55424fd0a002f1dcd062d35b5c6a30_NeikiAnalytics.exe

  • Size

    3.0MB

  • MD5

    ff55424fd0a002f1dcd062d35b5c6a30

  • SHA1

    6566a4b9c07adc2466ad59b8b5fe654f68db59de

  • SHA256

    c7a71cb8d400bb2c759d9f24e79f510e03b93ef47ee314d814b6b8e24bd9ff43

  • SHA512

    fc9caf39695b3914943ff3ac4a5224e7b578ed5663d732d33b439ecd29c3e7d6fbed706e52643aa32de34aa518a5f8fd083c387fbe981ae73035df8cc549f156

  • SSDEEP

    98304:8yzruaI6HMaJTtGbS02tWCRqedk/n0Agwf8j6NfJIDv:8PaI6HMaJTtGbQECRl2Ewf8jaC7

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://124.70.99.224:2231/xu79

Attributes
  • user_agent

    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff55424fd0a002f1dcd062d35b5c6a30_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\ff55424fd0a002f1dcd062d35b5c6a30_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Users\Admin\AppData\Local\Temp\ff55424fd0a002f1dcd062d35b5c6a30_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\ff55424fd0a002f1dcd062d35b5c6a30_NeikiAnalytics.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI45642\VCRUNTIME140.dll
    Filesize

    87KB

    MD5

    0e675d4a7a5b7ccd69013386793f68eb

    SHA1

    6e5821ddd8fea6681bda4448816f39984a33596b

    SHA256

    bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

    SHA512

    cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI45642\_ctypes.pyd
    Filesize

    131KB

    MD5

    9a69561e94859bc3411c6499bc46c4bd

    SHA1

    3fa5bc2d4ffc23c4c383252c51098d6211949b99

    SHA256

    6bbde732c5bcb89455f43f370a444bb6bca321825de56f9a1f2e947b0a006f1c

    SHA512

    31d9e3844f1b8e72ec80acd1e224a94d11039c130e69c498a668e07e0d8bba8d1ed1ebe0b7a16376ca597d0e2b74a0d5e3bf53d1cbadf5bf099d3bf78db659a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI45642\base_library.zip
    Filesize

    777KB

    MD5

    0e6058a5f76271c2e67f526ecf1dd1e7

    SHA1

    9266d66b72db5e3d1dfcf7e8be0dd2dc409cb53a

    SHA256

    ab3b96de6190cd8aa7d49f41530047e7aa39e4d620d79665bd88e4e1beed6a62

    SHA512

    f71f8d85974520546951105e0ccb6c49df0f561498648182eec6c983e27d775a7d8b38ca4b01b46c9f0660d974291fc78ed57042ab0a543273aac6a34fd37323

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI45642\python37.dll
    Filesize

    3.6MB

    MD5

    86af9b888a72bdceb8fd8ed54975edd5

    SHA1

    c9d67c9243f818c0a8cc279267cca44d9995f0cf

    SHA256

    e11aa3893597d7c408349ebb11f47a24e388fd702c4d38b5d6f363f7ad6e8e5f

    SHA512

    5d8fd9040f466e23af7f17772e3769ad83c5f55f8c70dcc3cfb1f827e105f0f4e6133f0e183fabc67dd44799495c47f931bf92546342b30b9c4a5c2b4aeee7c7

    Download Submit

  • memory/2896-14-0x00000281E4A80000-0x00000281E4A81000-memory.dmp

    Filesize

    4KB

    Download