Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
26-06-2024 09:05
Static task
static1
Behavioral task
behavioral1
Sample
ce27cf957c2afe4a82588f64433b478538c7585f03d2dabde6263369636e083e.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ce27cf957c2afe4a82588f64433b478538c7585f03d2dabde6263369636e083e.exe
Resource
win10v2004-20240611-en
General
-
Target
ce27cf957c2afe4a82588f64433b478538c7585f03d2dabde6263369636e083e.exe
-
Size
19KB
-
MD5
5efccd640e9f9de0e50e69feb35fdc54
-
SHA1
475772b72756b2dedf83a0f95143ada451f30e44
-
SHA256
ce27cf957c2afe4a82588f64433b478538c7585f03d2dabde6263369636e083e
-
SHA512
d68231232776f1a21c463802cb0a500f58cb03242ba4dd913fa4d557f4241ca134359527cab707c7580cc56eaf0ebe59b8bf36969570a5d05b56071d9bcff677
-
SSDEEP
192:7V7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2n1ZMT3nSBm/WF8qa1Dojjgi:VqaCF31cix+Dc4zjSnMT3Sc+FF46gi
Malware Config
Extracted
cobaltstrike
http://47.113.227.139:80/bootstrap-2.min.js
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce27cf957c2afe4a82588f64433b478538c7585f03d2dabde6263369636e083e.exe"C:\Users\Admin\AppData\Local\Temp\ce27cf957c2afe4a82588f64433b478538c7585f03d2dabde6263369636e083e.exe"1⤵PID:1748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4544,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:81⤵PID:1844