Analysis
-
max time kernel
143s
-
max time network
147s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
-
submitted
08-06-2024 12:35
Behavioral task
behavioral1
Sample
2024-06-08_9a7ebb724342a0f26bc653cee9c1c348_cobalt-strike_cobaltstrike.exe
Resource
win7-20240508-en
General
-
Target
2024-06-08_9a7ebb724342a0f26bc653cee9c1c348_cobalt-strike_cobaltstrike.exe
-
Size
5.9MB
-
MD5
9a7ebb724342a0f26bc653cee9c1c348
-
SHA1
38f08c87aba3f634ee1ea4a812ba1d5082859ab8
-
SHA256
7be60f99fb8a5f9fb7fdcdf4584d0bc5346f78ab8a3c677a9c5a58a54fd181d2
-
SHA512
882904a59c65034886be97f753df3de3d60c5242f5d02d351cfa9d99668a2f8b82bc1fcdc71fd3e471dce347396a4ccb9c7cbdf0189af2299776586ff95264ef
-
SSDEEP
98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUT:Q+856utgpPF8u/7T
Malware Config
Extracted
cobaltstrike
0
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
access_type
512
-
beacon_type
256
-
create_remote_thread
768
-
crypto_scheme
256
-
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
unknown1
4096
-
uri
/N4215/adj/amzn.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
0
Signatures
-
Cobalt Strike reflective loader 21 IoCs
Detects the reflective loader used by Cobalt Strike.
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Detects Reflective DLL injection artifacts 21 IoCs
-
UPX dump on OEP (original entry point) 60 IoCs
-
XMRig Miner payload 61 IoCs
-
Executes dropped EXE 21 IoCs
-
Loads dropped DLL 21 IoCs
-
Drops file in Windows directory 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
description pid process
Token: SeLockMemoryPrivilege 2408 2024-06-08_9a7ebb724342a0f26bc653cee9c1c348_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege 2408 2024-06-08_9a7ebb724342a0f26bc653cee9c1c348_cobalt-strike_cobaltstrike.exe
-
Suspicious use of WriteProcessMemory 63 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-08_9a7ebb724342a0f26bc653cee9c1c348_cobalt-strike_cobaltstrike.exe
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2408
-
  C:\Windows\System\KRsnGIp.exe
  - Executes dropped EXE
  PID:2428
-
  C:\Windows\System\Fmluany.exe
  - Executes dropped EXE
  PID:1400
-
  C:\Windows\System\HNyZcdp.exe
  - Executes dropped EXE
  PID:2448
-
  C:\Windows\System\MHazAVm.exe
  - Executes dropped EXE
  PID:2708
-
  C:\Windows\System\MTuArke.exe
  - Executes dropped EXE
  PID:2668
-
  C:\Windows\System\sWVGekw.exe
  - Executes dropped EXE
  PID:2616
-
  C:\Windows\System\dWRxBRD.exe
  - Executes dropped EXE
  PID:2760
-
  C:\Windows\System\NrnwHxH.exe
  - Executes dropped EXE
  PID:2676
-
  C:\Windows\System\EUrfsaN.exe
  - Executes dropped EXE
  PID:2532
-
  C:\Windows\System\uRgHevw.exe
  - Executes dropped EXE
  PID:2072
-
  C:\Windows\System\JzvYWRr.exe
  - Executes dropped EXE
  PID:2560
-
  C:\Windows\System\moSTRNV.exe
  - Executes dropped EXE
  PID:2864
-
  C:\Windows\System\MTWXvxU.exe
  - Executes dropped EXE
  PID:3004
-
  C:\Windows\System\STUaixh.exe
  - Executes dropped EXE
  PID:3024
-
  C:\Windows\System\jdeHpmv.exe
  - Executes dropped EXE
  PID:2612
-
  C:\Windows\System\liQaZxj.exe
  - Executes dropped EXE
  PID:2020
-
  C:\Windows\System\KopIdHg.exe
  - Executes dropped EXE
  PID:1636
-
  C:\Windows\System\oDNGDhl.exe
  - Executes dropped EXE
  PID:1800
-
  C:\Windows\System\SxhIUhG.exe
  - Executes dropped EXE
  PID:300
-
  C:\Windows\System\VDWBkMO.exe
  - Executes dropped EXE
  PID:2456
-
  C:\Windows\System\VvEnrlj.exe
  - Executes dropped EXE
  PID:2688
Downloads