Analysis
max time kernel: 133s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 19:57

Static task: static1
Behavioral task: behavioral1
  Sample: c00ba42a5c9a8fe6a94a41dc39c0786d756dcb2fcc451125d854b650d9960711.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c00ba42a5c9a8fe6a94a41dc39c0786d756dcb2fcc451125d854b650d9960711.exe
  Resource: win10v2004-20240508-en

General
Target: c00ba42a5c9a8fe6a94a41dc39c0786d756dcb2fcc451125d854b650d9960711.exe
Size: 1.3MB
MD5: 9d20a9b72019c0af26ac31e616f8b0d9
SHA1: 7a2e1d1eaa38dd9869717eb4c03f4e798899aa08
SHA256: c00ba42a5c9a8fe6a94a41dc39c0786d756dcb2fcc451125d854b650d9960711
SHA512: 77141bc59fa9acba56b22c4f3974d6270a8f46f9c8aa03c21890a59270f889bec6da17b2f843c64322edaac423409a5d0877c324ef812339d7611ff6b8e26548
SSDEEP: 12288:KvRjcZNW1R7DCP6jjQOXF+cN5nET6cxR+2V0T+ESTo3ujYCkwso9XXnX8jB:KhcGLCPIrEdCkJYfwsoNOB
Malware Config
Extracted: cobaltstrike
cobaltstrike: http://104.194.78.37:8778/QMuJ
user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)
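The extracted config above yields three network indicators: the C2 host and port, the full URL, and the beacon's User-Agent. The Python below is an example added to this page, not part of the sandbox report, that turns those indicators into a check over web-proxy log lines. It adds two checks that go beyond the literal values: the 8-bit checksum of the URI path (Metasploit and Cobalt Strike stager paths are chosen so that checksum8 is 92 for x86 and 93 for x64; the bytes of "QMuJ" sum to 349, which is 93 mod 256), and the internal inconsistency of the User-Agent, which pairs the IE9 engine (Trident/5.0) with Windows XP (NT 5.1), a platform IE9 was never released for. The log format, the log lines and every IP address other than the C2 are constructed for the example; only the C2 URL and User-Agent come from the report.

```python
"""Match web-proxy log lines against the Cobalt Strike indicators extracted above.

C2_URL and C2_USER_AGENT are copied from the report; everything else here
(log format, log lines, IP addresses other than the C2) is constructed.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

C2_URL = "http://104.194.78.37:8778/QMuJ"
C2_USER_AGENT = "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)"
C2_HOSTPORT = urlsplit(C2_URL).netloc  # "104.194.78.37:8778"

# Metasploit/Cobalt Strike stager URIs are random characters chosen so that the
# 8-bit sum of the path bytes lands on a fixed value: 92 for x86, 93 for x64.
STAGER_CHECKSUMS = {92: "x86 stager", 93: "x64 stager"}

# Constructed log format: <timestamp> <client ip> <method> <url> <status> "<user-agent>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample log: line 1 is the beacon fetching the stager, line 2 a later
# request to the same C2, line 3 benign traffic, line 4 a path collision elsewhere.
SAMPLE_LOG = """\
2024-05-27T19:58:01Z 10.0.0.15 GET http://104.194.78.37:8778/QMuJ 200 "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)"
2024-05-27T19:58:02Z 10.0.0.15 GET http://104.194.78.37:8778/updates 200 "Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/5.0)"
2024-05-27T19:58:05Z 10.0.0.22 GET http://example.com/index.html 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
2024-05-27T19:58:09Z 10.0.0.31 GET http://203.0.113.9/QMuJ 404 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
"""


def checksum8(path: str) -> int:
    """8-bit checksum of a URI path, with leading/trailing slashes removed."""
    return sum(path.strip("/").encode("ascii", "ignore")) % 256


def classify_stager_uri(path: str) -> Optional[str]:
    """Return the stager type whose checksum8 the path matches, or None."""
    return STAGER_CHECKSUMS.get(checksum8(path))


def ua_is_inconsistent(ua: str) -> bool:
    """Trident/5.0 is the IE9 engine; IE9 was never released for Windows XP (NT 5.1)."""
    return "Trident/5.0" in ua and "Windows NT 5.1" in ua


def reasons_for(url: str, ua: str) -> List[str]:
    """Every indicator a single request matches, strongest first."""
    reasons = []
    parts = urlsplit(url)
    if url == C2_URL:
        reasons.append("c2_url")
    if parts.netloc == C2_HOSTPORT:
        reasons.append("c2_hostport")
    if ua == C2_USER_AGENT:
        reasons.append("c2_user_agent")
    if ua_is_inconsistent(ua):
        reasons.append("ua_inconsistent")
    stager = classify_stager_uri(parts.path)
    if stager:
        reasons.append("stager_uri:" + stager)
    return reasons


def scan(log_text: str) -> List[Dict]:
    """Return one record per log line that matches at least one indicator."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        reasons = reasons_for(m["url"], m["ua"])
        if reasons:
            hits.append({"line": number, "src": m["src"], "url": m["url"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["line"], hit["src"], hit["url"], ", ".join(hit["reasons"]))
```

A checksum8 hit on its own is a weak signal (any random four-character path has a 1 in 256 chance of landing on 92 or 93), so the scanner reports it as a reason but a line carrying only that reason, like the constructed fourth log line, is a lead to corroborate against the host and User-Agent indicators, not an alert by itself.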
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Processes
C:\Users\Admin\AppData\Local\Temp\c00ba42a5c9a8fe6a94a41dc39c0786d756dcb2fcc451125d854b650d9960711.exe (PID 2060, tree depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\c00ba42a5c9a8fe6a94a41dc39c0786d756dcb2fcc451125d854b650d9960711.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408, tree depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4316,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:8
Both processes are listed at the same tree depth; the report shows no parent/child relationship between the sample and msedge.exe, and the msedge.exe entry is a Edge utility process (--type=utility) whose command line carries no reference to the sample.