Analysis Overview
SHA256
7c53e1be550e49aa22a626bcac482ab33420d7db0e5cd0aec4655343c20d4ba5
Threat Level: Known bad
The file be.exe was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-05 21:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 21:17
Reported
2024-06-05 21:22
Platform
win11-20240426-en
Max time kernel
41s
Max time network
40s
Command Line
Signatures
Cobaltstrike
Processes
C:\Users\Admin\AppData\Local\Temp\be.exe
"C:\Users\Admin\AppData\Local\Temp\be.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
Network
| Country | Destination | Domain | Proto |
| CN | 124.220.91.113:8080 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| CN | 124.220.91.113:8080 | tcp | |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
Files
memory/3436-0-0x0000000000D10000-0x0000000000D51000-memory.dmp
memory/3436-1-0x0000000000D60000-0x0000000000DAF000-memory.dmp
memory/3436-2-0x0000000000400000-0x000000000044E000-memory.dmp
memory/3436-4-0x0000000000D60000-0x0000000000DAF000-memory.dmp