Behavioral task
behavioral1
Sample
1904-0-0x0000000001D30000-0x0000000001D82000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1904-0-0x0000000001D30000-0x0000000001D82000-memory.dll
Resource
win10v2004-20240508-en
General
-
Target
1904-0-0x0000000001D30000-0x0000000001D82000-memory.dmp
-
Size
328KB
-
MD5
55cd9df0a8c2e61ce04cc6141c0a9f58
-
SHA1
0ab4fd0593e10710d74cfdba0b0180988a687c33
-
SHA256
3e1eac40a0b0c18a1af01973797057a64ab57d403dc0769d165a5973fefd93a7
-
SHA512
c0452150d128c14fe882e9b5dbc8d700c63b4b24d81dac1463e56aa9fb1d3a9658b956d7f7f41af7316ea8274c308d0b4cf9bd8653e4fa91d6af9b1a71474195
-
SSDEEP
3072:/zbINhWl+CIbfqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLY0E65SYJl6vzHk:/zbUWootfDCvT4ZTXzCLY0FSz
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Signatures
-
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1904-0-0x0000000001D30000-0x0000000001D82000-memory.dmp
Files
-
1904-0-0x0000000001D30000-0x0000000001D82000-memory.dmp.dll windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ