Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
06-06-2024 13:38
Behavioral task
behavioral1
Sample
2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe
Resource
win7-20240419-en
General
-
Target
2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe
-
Size
5.9MB
-
MD5
461d66f0c7bc5054bdda0bc236311357
-
SHA1
cd931cc6e4df3cfc16ec093f7214b66a1853ee4c
-
SHA256
13c8a79a22d5034b55634ca96fa57030388a098a60dfc92e86a0613ed36f2206
-
SHA512
ad87d022037e20cd16387e2c9b493238107878151a0f1ee311ae7f00aa1a9867df57a2f247a668b90674c71b08fdf697cc33e8b3e539b2b57eb63aac79846c91
-
SSDEEP
98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUv:Q+856utgpPF8u/7v
Malware Config
Extracted
cobaltstrike
0
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
access_type
512
-
beacon_type
256
-
create_remote_thread
768
-
crypto_scheme
256
-
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
unknown1
4096
-
uri
/N4215/adj/amzn.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
0
Signatures
-
Cobalt Strike reflective loader 21 IoCs
Detects the reflective loader used by Cobalt Strike.
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Detects Reflective DLL injection artifacts 21 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
XMRig Miner payload 64 IoCs
-
Executes dropped EXE 21 IoCs
Processes:
pid process
2448 mmXxoOd.exe
3060 sxdqqKL.exe
2364 UKqzrIy.exe
2688 tgHrTVp.exe
1984 cxQjHyC.exe
2772 EiVsqMF.exe
2700 WUWUxgI.exe
2528 THbRIZu.exe
3024 bosoYWn.exe
2580 hmQgHgq.exe
2860 cgxIHfA.exe
2880 BFSNONv.exe
2888 NMGPfjJ.exe
2332 pbugCEb.exe
1636 tAZwzJE.exe
768 rqHiGAa.exe
1576 mEMcfVE.exe
1460 zfwUdqt.exe
2520 OtRjcdf.exe
1824 NjjZRYU.exe
1308 pOBsdCn.exe
-
Loads dropped DLL 21 IoCs
Processes:
pid process
2052 2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe
-
Drops file in Windows directory 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description pid process
Token: SeLockMemoryPrivilege 2052 2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege 2052 2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe
-
Suspicious use of WriteProcessMemory 63 IoCs
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-06-06_461d66f0c7bc5054bdda0bc236311357_cobalt-strike_cobaltstrike.exe"
  PID: 2052
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Windows\System\mmXxoOd.exe (PID 2448): Executes dropped EXE
  - C:\Windows\System\sxdqqKL.exe (PID 3060): Executes dropped EXE
  - C:\Windows\System\UKqzrIy.exe (PID 2364): Executes dropped EXE
  - C:\Windows\System\tgHrTVp.exe (PID 2688): Executes dropped EXE
  - C:\Windows\System\cxQjHyC.exe (PID 1984): Executes dropped EXE
  - C:\Windows\System\EiVsqMF.exe (PID 2772): Executes dropped EXE
  - C:\Windows\System\WUWUxgI.exe (PID 2700): Executes dropped EXE
  - C:\Windows\System\THbRIZu.exe (PID 2528): Executes dropped EXE
  - C:\Windows\System\bosoYWn.exe (PID 3024): Executes dropped EXE
  - C:\Windows\System\hmQgHgq.exe (PID 2580): Executes dropped EXE
  - C:\Windows\System\cgxIHfA.exe (PID 2860): Executes dropped EXE
  - C:\Windows\System\BFSNONv.exe (PID 2880): Executes dropped EXE
  - C:\Windows\System\NMGPfjJ.exe (PID 2888): Executes dropped EXE
  - C:\Windows\System\pbugCEb.exe (PID 2332): Executes dropped EXE
  - C:\Windows\System\tAZwzJE.exe (PID 1636): Executes dropped EXE
  - C:\Windows\System\rqHiGAa.exe (PID 768): Executes dropped EXE
  - C:\Windows\System\mEMcfVE.exe (PID 1576): Executes dropped EXE
  - C:\Windows\System\zfwUdqt.exe (PID 1460): Executes dropped EXE
  - C:\Windows\System\OtRjcdf.exe (PID 2520): Executes dropped EXE
  - C:\Windows\System\NjjZRYU.exe (PID 1824): Executes dropped EXE
  - C:\Windows\System\pOBsdCn.exe (PID 1308): Executes dropped EXE
Downloads