Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
27-06-2024 03:35
Static task
static1
Behavioral task
behavioral1
Sample
5dfd0492813ee56773a5b20f2fda80090cb32e75c07c7211da9d26d9ad408e8f.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
5dfd0492813ee56773a5b20f2fda80090cb32e75c07c7211da9d26d9ad408e8f.exe
Resource
win10v2004-20240508-en
General
-
Target
5dfd0492813ee56773a5b20f2fda80090cb32e75c07c7211da9d26d9ad408e8f.exe
-
Size
19KB
-
MD5
cfb696669c267a83b0cf18837f0777eb
-
SHA1
d9aa7fa988cceeafa8e0058c0b3d0d3e39bc01c5
-
SHA256
5dfd0492813ee56773a5b20f2fda80090cb32e75c07c7211da9d26d9ad408e8f
-
SHA512
fc9c6bf0ac8a7bee636718cfd507e2b5914f39653c0ff72064540fafd20d596e773888bfd2a7ae8e8d7fc89eca6617c5b1252b854c1081e2f4a606ebc237956c
-
SSDEEP
192:YV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2pSiWF8qa1Dojjgi:KqaCF31cix+Dc4zjdbFF46gi
Malware Config
Extracted
cobaltstrike
http://103.179.243.198:8848/9Hht
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; Avant Browser)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\5dfd0492813ee56773a5b20f2fda80090cb32e75c07c7211da9d26d9ad408e8f.exe"C:\Users\Admin\AppData\Local\Temp\5dfd0492813ee56773a5b20f2fda80090cb32e75c07c7211da9d26d9ad408e8f.exe"1⤵PID:1600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3644,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4032 /prefetch:81⤵PID:3952