Analysis

max time kernel: 141s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 12:26

Behavioral task: behavioral1
Sample: 2024-05-22_177a790b1e88fa49307c5e3d4f75d2aa_cobalt-strike_cobaltstrike.exe
Resource: win7-20240221-en
Platform: windows7-x64
Signatures: 6
Runtime: 150 seconds
General

Target: 2024-05-22_177a790b1e88fa49307c5e3d4f75d2aa_cobalt-strike_cobaltstrike.exe
Size: 4.6MB
MD5: 177a790b1e88fa49307c5e3d4f75d2aa
SHA1: 84901086c4cfaac1025b155651e39cba5c386531
SHA256: 3c933267e1d858ab65b9b7667650a1026300dfd42e648ace48b90cceb4b543d9
SHA512: 97d145505d840274d79e5cb5b557bc77a196fb27b7aa2ec55b4555e0115bef062f7206e2a74a0836ee89b45c6c9f83448c98885956e3a20a2fdb2fbb0c7f0b71
SSDEEP: 98304:SW1qiPgxn+cuSuxx8Svt73qq36IdKtVxNw6pUkp3bkbRxmUM:53EnsxxDt73DdKrwapwbpM
Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist (1 IoCs)
Processes:
  resource                                                           yara_rule
  behavioral2/memory/1672-6-0x0000000000400000-0x00000000010B6000-memory.dmp   INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) (2 IoCs)
Processes:
  resource                                                           yara_rule
  behavioral2/memory/1672-0-0x0000000000400000-0x00000000010B6000-memory.dmp   UPX
  behavioral2/memory/1672-6-0x0000000000400000-0x00000000010B6000-memory.dmp   UPX

XMRig Miner payload (1 IoCs)
Processes:
  resource                                                           yara_rule
  behavioral2/memory/1672-6-0x0000000000400000-0x00000000010B6000-memory.dmp   xmrig

Processes:
  resource                                                           yara_rule
  behavioral2/memory/1672-0-0x0000000000400000-0x00000000010B6000-memory.dmp   upx
  behavioral2/memory/1672-6-0x0000000000400000-0x00000000010B6000-memory.dmp   upx