Overview
overview
10Static
static
8ProgramDat...vg.exe
windows7-x64
10ProgramDat...vg.exe
windows10-2004-x64
10Users/Public/4123.dll
windows7-x64
10Users/Public/4123.dll
windows10-2004-x64
10Users/Publ...3.xlsb
windows7-x64
1Users/Publ...3.xlsb
windows10-2004-x64
1Users/wilm...mp.dll
windows7-x64
10Users/wilm...mp.dll
windows10-2004-x64
10Users/wilm...3.xlsb
windows7-x64
10Users/wilm...3.xlsb
windows10-2004-x64
10Windows/Te...64.exe
windows7-x64
1Windows/Te...64.exe
windows10-2004-x64
1Windows/Te...64.exe
windows7-x64
7Windows/Te...64.exe
windows10-2004-x64
1Windows/Te...64.exe
windows7-x64
7Windows/Te...64.exe
windows10-2004-x64
7Analysis
-
max time kernel
132s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
27-06-2024 11:22
Behavioral task
behavioral1
Sample
ProgramData/huqvg/huqvg.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ProgramData/huqvg/huqvg.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
Users/Public/4123.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Users/Public/4123.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Users/Public/4123.xlsb
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
Users/Public/4123.xlsb
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Users/wilmer.coughlin/AppData/Local/Temp/C618.tmp.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
Users/wilmer.coughlin/AppData/Local/Temp/C618.tmp.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Users/wilmer.coughlin/Downloads/subscription_1617056233.xlsb
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
Users/wilmer.coughlin/Downloads/subscription_1617056233.xlsb
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
Windows/Temp/adf/anchorAsjuster_x64.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
Windows/Temp/adf/anchorAsjuster_x64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Windows/Temp/adf/anchorDNS_x64.exe
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
Windows/Temp/adf/anchorDNS_x64.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Windows/Temp/adf/anchor_x64.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Windows/Temp/adf/anchor_x64.exe
Resource
win10v2004-20240611-en
General
-
Target
Users/wilmer.coughlin/AppData/Local/Temp/C618.tmp.dll
-
Size
292KB
-
MD5
9abf8579ed3b6e5d3d43b408509a53db
-
SHA1
63ee039a478e23a505bc889cc74e7693ebe51891
-
SHA256
cc74f7e82eb33a14ffdea343a8975d8a81be151ffcb753cb3f3be10242c8a252
-
SHA512
878add89cc7fc1d88f66c0704a66c202191382e4206e6e156f5bf0205d9b136d341c38686dc7d4a36615cfc45937841b30bcbc1b1036084bcce2e8501c6903ce
-
SSDEEP
6144:lV9H07z+CLXF0AYlHsGSD5E4Ck2oh66/px:lzHqtLyAtG0Ck2ozv
Malware Config
Extracted
cobaltstrike
http://217.12.218.46:80/YPbR
-
user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Blocklisted process makes network request 7 IoCs
flow pid Process 3 1940 rundll32.exe 6 1940 rundll32.exe 8 1940 rundll32.exe 9 1940 rundll32.exe 10 1940 rundll32.exe 11 1940 rundll32.exe 12 1940 rundll32.exe