Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
09-06-2024 04:33
Static task
static1
Behavioral task
behavioral1
Sample
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe
Resource
win10v2004-20240226-en
General
-
Target
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe
-
Size
19KB
-
MD5
19d43eab85bbe89c2ee6e22b665c148e
-
SHA1
816cacf869b836e8d63452f7a7351638eb891c7c
-
SHA256
afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85
-
SHA512
0133abed10d0d8ca6488f5fbaa499c7f4769cd1bc31a6fd25f7938e825620dca7d4a3fd8466b4be4be50d214cd59e7ec26dfe906a743376420ee73521408b433
-
SSDEEP
192:zV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2SY/f2iWF8qa1Dojjgi:dqaCF31cix+Dc4zjRY/fWFF46gi
Malware Config
Extracted
cobaltstrike
http://192.168.35.53:8080/zAKW
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe"C:\Users\Admin\AppData\Local\Temp\afab205ca808920f6e155d79a670ebbbf79245b801ef942eb600e9928c92da85.exe"1⤵PID:3152
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4124 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:81⤵PID:2468