Overview

overview

10

Static

static

3

5c629c71d1...a5.exe

windows7-x64

10

5c629c71d1...a5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    26-08-2024 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c629c71d17cd6327f50764fc2d087c003b8ca66c9d5e2fd609b1b6a6bc7aba5.exe

  • Size

    5KB

  • MD5

    a799ceb9e32e2e718501e1cc284bfd6b

  • SHA1

    1cf4fcd57dcca45b7a2fe3f973c4ddc70c0b2824

  • SHA256

    5c629c71d17cd6327f50764fc2d087c003b8ca66c9d5e2fd609b1b6a6bc7aba5

  • SHA512

    c846a224c1b89bcaa8b9690600e26f15653defecf2d69458402fb275c1391a54743540fc1a4c1424c31f4b825a904b2f7de9b355ead0a63abd9f9bb29ee13382

  • SSDEEP

    48:6cNQ32W3mHqwiBlVS1hDip/naMqEVHS8y1JRm8Qq+0lI0bmlqcCOulKa3uqXSfbi:5a32WxAXo/naMqERq+0lTbmgsKOzNt

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://101.201.117.192:8008/nQVH

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c629c71d17cd6327f50764fc2d087c003b8ca66c9d5e2fd609b1b6a6bc7aba5.exe
    "C:\Users\Admin\AppData\Local\Temp\5c629c71d17cd6327f50764fc2d087c003b8ca66c9d5e2fd609b1b6a6bc7aba5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1932-0-0x000007FEF5873000-0x000007FEF5874000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1932-1-0x0000000000CF0000-0x0000000000CF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1932-2-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1932-3-0x0000000000470000-0x0000000000471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1932-4-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1932-5-0x000007FEF5873000-0x000007FEF5874000-memory.dmp

    Filesize

    4KB

    Download