Analysis

  • max time kernel: 92s
  • max time network: 95s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 04/06/2024, 00:25

General

  • Target: 2024-06-04_65b26ccc1ce3a2e3eaceec6119066529_cobalt-strike_cobaltstrike_xmrig.exe
  • Size: 11.3MB
  • MD5: 65b26ccc1ce3a2e3eaceec6119066529
  • SHA1: acce90f0c5bb4e4e1b691514372f4abe34734d66
  • SHA256: ef9d46c35d7fcb12bc1ff12d0c67192b60a20bcc140ac2563d796f0f369e2246
  • SHA512: 795d2f82d123e49983ce1eba6b75cc305d9458c2d0898b5711b4e544cad4d34ee1072fbf8b9f1c606591bd69e68f68ab36d9fb0c6d5053c96430dce2bbc9309b
  • SSDEEP: 196608:m2XrSIqtPazmgL7uDbzV0xpZr8o37nmPQLi7gCsLz9:maWIPyquDCzzmPfgCy

Malware Config

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 7 IoCs
  • XMRig Miner payload 7 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-04_65b26ccc1ce3a2e3eaceec6119066529_cobalt-strike_cobaltstrike_xmrig.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-04_65b26ccc1ce3a2e3eaceec6119066529_cobalt-strike_cobaltstrike_xmrig.exe"
    PID: 1648
    • Drops desktop.ini file(s)
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Modifies Internet Explorer start page
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken

Downloads

  • C:\Program Files\7-Zip\7-zip32.dll
    Filesize: 11.5MB
    MD5: 02b7dacd646d6b01aa3e05748d5c13f7
    SHA1: bf505d8cd3bbbe45dcde8af2df3f921c7abd8b25
    SHA256: e08c8567461629add48a1b0b8d6a2591b49246d9e3e01c227618eb0951e00842
    SHA512: 8f8a2504fdee532ec7f5b188b6605097d9181663babd732ced1b09e546ebbf2e5c44047824e097937ad8dfbb2c8dd220291d9afffd7a39f4dc316f206dd1d770

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize: 1KB
    MD5: 55540a230bdab55187a841cfe1aa1545
    SHA1: 363e4734f757bdeb89868efe94907774a327695e
    SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
    SHA512: c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize: 230B
    MD5: d845c1fdaa94e49677cfd5ca6445235b
    SHA1: 20450c0c870711140f33b44cfe7c18e1b0bb3316
    SHA256: fba308cf07ee0b84645ac2dcfdc66969c479c1176b4731fda4564928f52f4eca
    SHA512: 7eae5d94d52b02290c20839dd336d51b1e720c8c931126367fc478642b8617725403bdd4b78cf8fa0ea9ba98380f9bb1aa9705daee485e183c28df31a0ae3403

  • memory/1648-1403-0x0000000000400000-0x00000000010B2000-memory.dmp (Filesize: 12.7MB)
  • memory/1648-320-0x0000000000400000-0x00000000010B2000-memory.dmp (Filesize: 12.7MB)
  • memory/1648-849-0x0000000000400000-0x00000000010B2000-memory.dmp (Filesize: 12.7MB)
  • memory/1648-0-0x00000000001F0000-0x0000000000200000-memory.dmp (Filesize: 64KB)
  • memory/1648-1923-0x0000000000400000-0x00000000010B2000-memory.dmp (Filesize: 12.7MB)
  • memory/1648-2075-0x0000000000400000-0x00000000010B2000-memory.dmp (Filesize: 12.7MB)
  • memory/1648-2157-0x0000000000060000-0x0000000000062000-memory.dmp (Filesize: 8KB)
  • memory/1648-2162-0x0000000000401000-0x0000000000A18000-memory.dmp (Filesize: 6.1MB)
  • memory/1648-2163-0x0000000000400000-0x00000000010B2000-memory.dmp (Filesize: 12.7MB)
  • memory/1648-2165-0x0000000000401000-0x0000000000A18000-memory.dmp (Filesize: 6.1MB)