Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
21-05-2024 10:29
Static task
static1
Behavioral task
behavioral1
Sample
df2009833cbab381774d9a97532448251b994a392268af28964418ebf2a74cac.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
df2009833cbab381774d9a97532448251b994a392268af28964418ebf2a74cac.exe
Resource
win10v2004-20240226-en
General
-
Target
df2009833cbab381774d9a97532448251b994a392268af28964418ebf2a74cac.exe
-
Size
19KB
-
MD5
2c4b280cbf04c3b819b9f8269534dcba
-
SHA1
6c4e02d927bc6869ca733b12b8b2fe0aa7484ca9
-
SHA256
df2009833cbab381774d9a97532448251b994a392268af28964418ebf2a74cac
-
SHA512
58ef24b5a7523e0e12701d87d88b39c9195df955c71430f451ca48219cbc00b9ec8756453e2edbed94dd249b25b605d700a704ab6b9055728da8be167d8c7c50
-
SSDEEP
192:6V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/29nELWF8qa1Dojjgi:UqaCF31cix+Dc4zjq1FF46gi
Malware Config
Extracted
cobaltstrike
http://118.25.85.104:4443/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.