Analysis
-
max time kernel
125s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
14/06/2024, 10:22
General
-
Target
1211224390edcb65bdfe009019d41d0a3e7a9a817a2b147ef483f454dd2b97f5.exe
-
Size
209KB
-
MD5
24a9275b6d0ddbf2e512ea34ab10a45d
-
SHA1
bf07f4552b0a22cde584762679373856e5f29f79
-
SHA256
1211224390edcb65bdfe009019d41d0a3e7a9a817a2b147ef483f454dd2b97f5
-
SHA512
3811a7dd3b371abc406af0dcadb086390ffb5dbd51f5eea5f071a3e474929b47cc4e75e5d32ece230a012ccb68ec097a24779b39fa46290587b83845aad84034
-
SSDEEP
6144:Tn/MDyELmnRGPlczidgoS8lMSDpcJJJ655ZZoMTh:D/MDysoRGGidD
Score
10/10
Malware Config
Extracted
Family
cobaltstrike
C2
http://127.0.0.1:30027/PzNE
Attributes
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENUS)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\1211224390edcb65bdfe009019d41d0a3e7a9a817a2b147ef483f454dd2b97f5.exe"C:\Users\Admin\AppData\Local\Temp\1211224390edcb65bdfe009019d41d0a3e7a9a817a2b147ef483f454dd2b97f5.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4132,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
316KB