Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-06-2024 22:22
Behavioral task: behavioral1
- Sample: 7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
- Resource: win10v2004-20240508-en
General
- Target: 7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
- Size: 3.6MB
- MD5: 72cf43e4c7af5cab216c40461fff80f5
- SHA1: bd0a07df283d22301e4152bbd09f657fc8cc7238
- SHA256: 7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463
- SHA512: 6a8f8d96fbb68372dbad3f4a3f4adb7b3c513d2fb12fef739f55a2743cfaf4c4388672dcb4e9fe9acf2644fe2369ab8ac1791d42bf839b5c5f78589798e55fe1
- SSDEEP: 98304:vMWFK+EW84cufR5N15QhU5pyl/fuYdGGtxFZKUWXI0J:vrA4cufR5v5QhmGuVaxFZKUWY0
Malware Config
Extracted: cobaltstrike
- http://101.35.173.226:10890/V1hn
- user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MDDCJS)
Signatures
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
- Loads dropped DLL (2 IoCs)
  Processes:
  pid   process
  4348  7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
  4348  7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
  description                        pid   process                                                                   target process
  PID 3384 wrote to memory of 4348   3384  7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe  7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
  PID 3384 wrote to memory of 4348   3384  7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe  7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe"
  - Suspicious use of WriteProcessMemory
  PID: 3384
  - C:\Users\Admin\AppData\Local\Temp\7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe (child of PID 3384)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7f268f270af2bc87840bb89758dda61e73df5166fac1a0946b8c6322cb13f463.exe"
    - Loads dropped DLL
    PID: 4348
Network
MITRE ATT&CK Matrix
Downloads