Analysis
-
max time kernel
147s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 02:17
Static task
static1
Behavioral task
behavioral1
Sample
ff08ebc061d3f972c400fc35a96dc17f775fe2e0cd68fcd3a2e5d0502b674111.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
ff08ebc061d3f972c400fc35a96dc17f775fe2e0cd68fcd3a2e5d0502b674111.exe
Resource
win10v2004-20240508-en
General
-
Target
ff08ebc061d3f972c400fc35a96dc17f775fe2e0cd68fcd3a2e5d0502b674111.exe
-
Size
467KB
-
MD5
a51b2a8d837bb297fb035ca947af22f6
-
SHA1
91e1143b5aac044738da82a8b16ee18197566a31
-
SHA256
ff08ebc061d3f972c400fc35a96dc17f775fe2e0cd68fcd3a2e5d0502b674111
-
SHA512
b5338ebba2baeca63e02bc0134709eda91bcb43b3bbc80aea712ac460e52d89a4475a1bf5c4ec746242297af9e723f7a6c74f8996a6dc88cac72a1dde44422f0
-
SSDEEP
12288:SV88VyWYgeWYg955/155/rilvQ8Hyu16j4aa7mCo:SV88wl5U8b
Malware Config
Extracted
cobaltstrike
http://114.132.98.252:4431/JTPo
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
ff08ebc061d3f972c400fc35a96dc17f775fe2e0cd68fcd3a2e5d0502b674111.exepid process 2176 ff08ebc061d3f972c400fc35a96dc17f775fe2e0cd68fcd3a2e5d0502b674111.exe