Overview

overview

10

Static

static

10

sample.zip

windows7-x64

1

sample.zip

windows10-2004-x64

1

temp/1.c

windows7-x64

3

temp/1.c

windows10-2004-x64

3

temp/1.exe

windows7-x64

10

temp/1.exe

windows10-2004-x64

10

temp/123

ubuntu-24.04-amd64

1

temp/CS4.9/CS.lnk

windows7-x64

3

temp/CS4.9/CS.lnk

windows10-2004-x64

3

temp/CS4.9...ke.bat

windows7-x64

1

temp/CS4.9...ke.bat

windows10-2004-x64

1

temp/CS4.9...at.lnk

windows7-x64

6

temp/CS4.9...at.lnk

windows10-2004-x64

7

temp/CS4.9...ke.vbs

windows7-x64

1

temp/CS4.9...ke.vbs

windows10-2004-x64

7

temp/CS4.9...bs.lnk

windows7-x64

3

temp/CS4.9...bs.lnk

windows10-2004-x64

7

temp/CS4.9...rImage

ubuntu-22.04-amd64

4

temp/CS4.9/c2lint

ubuntu-18.04-amd64

1

temp/CS4.9/c2lint

debian-9-armhf

1

temp/CS4.9/c2lint

debian-9-mips

temp/CS4.9/c2lint

debian-9-mipsel

1

temp/CS4.9...nt.jar

windows7-x64

1

temp/CS4.9...nt.jar

windows10-2004-x64

1

temp/CS4.9/uHook.jar

windows7-x64

1

temp/CS4.9/uHook.jar

windows10-2004-x64

1

temp/CS4.9...78.zip

windows7-x64

1

temp/CS4.9...78.zip

windows10-2004-x64

1

WiFi驱动...��.exe

windows7-x64

1

WiFi驱动...��.exe

windows10-2004-x64

10

temp/CS4.9...Fi.exe

windows7-x64

1

temp/CS4.9...Fi.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-09-2024 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    temp/CS4.9/cobaltstrike-client.jar

  • Size

    24.4MB

  • MD5

    a09b2907278a6452d91ed4dbd9798e38

  • SHA1

    26cffb1154cd9e50098fa1604df868facd4f9bae

  • SHA256

    e6625119e4491a1bd42849778816250f4658fac1d5554fd51e5ba67e0b244f56

  • SHA512

    9454f1ad2e21932e47047812655e7ba53faeccf941d92baa755e24254cb890931455086b3e92d5c644315d584d2e3310a4cc8693cc62d9d0f5ba1dae02c9a74d

  • SSDEEP

    786432:jXWN48462ATqLG7NnX0EGqIIV7+85uRLben0GS:rXnpUqLAZBIIV7qLa05

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\temp\CS4.9\cobaltstrike-client.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4056-2-0x000001ED80000000-0x000001ED80270000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4056-15-0x000001EDF2AA0000-0x000001EDF2AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-19-0x000001ED80270000-0x000001ED80280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-21-0x000001ED80280000-0x000001ED80290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-22-0x000001ED80290000-0x000001ED802A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-25-0x000001ED802A0000-0x000001ED802B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-27-0x000001ED802B0000-0x000001ED802C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-29-0x000001ED802C0000-0x000001ED802D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-32-0x000001ED802D0000-0x000001ED802E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-34-0x000001ED802E0000-0x000001ED802F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-36-0x000001ED802F0000-0x000001ED80300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-37-0x000001EDF2AA0000-0x000001EDF2AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-40-0x000001ED80000000-0x000001ED80270000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4056-41-0x000001ED80300000-0x000001ED80310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-45-0x000001ED80310000-0x000001ED80320000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-44-0x000001ED80270000-0x000001ED80280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-48-0x000001ED80280000-0x000001ED80290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-49-0x000001ED80320000-0x000001ED80330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-52-0x000001ED80290000-0x000001ED802A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-56-0x000001ED802A0000-0x000001ED802B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-55-0x000001ED80340000-0x000001ED80350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-58-0x000001ED80350000-0x000001ED80360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-57-0x000001ED802B0000-0x000001ED802C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-54-0x000001ED80330000-0x000001ED80340000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-60-0x000001ED802C0000-0x000001ED802D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-61-0x000001ED80360000-0x000001ED80370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-66-0x000001ED80370000-0x000001ED80380000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-69-0x000001ED802E0000-0x000001ED802F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-68-0x000001ED80390000-0x000001ED803A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-67-0x000001ED80380000-0x000001ED80390000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-65-0x000001ED802D0000-0x000001ED802E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-75-0x000001ED80300000-0x000001ED80310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-74-0x000001ED803B0000-0x000001ED803C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-87-0x000001ED80320000-0x000001ED80330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-86-0x000001ED803E0000-0x000001ED803F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-84-0x000001ED803D0000-0x000001ED803E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-83-0x000001ED803C0000-0x000001ED803D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-82-0x000001ED80400000-0x000001ED80410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-81-0x000001ED80310000-0x000001ED80320000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-73-0x000001ED803A0000-0x000001ED803B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-72-0x000001ED802F0000-0x000001ED80300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-93-0x000001ED80420000-0x000001ED80430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-96-0x000001ED80350000-0x000001ED80360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-101-0x000001ED80360000-0x000001ED80370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-100-0x000001ED80450000-0x000001ED80460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-99-0x000001EDF2AA0000-0x000001EDF2AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-98-0x000001ED80440000-0x000001ED80450000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-97-0x000001ED80430000-0x000001ED80440000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-92-0x000001ED80410000-0x000001ED80420000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-91-0x000001ED80340000-0x000001ED80350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-90-0x000001ED80330000-0x000001ED80340000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-105-0x000001ED80370000-0x000001ED80380000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-108-0x000001ED80460000-0x000001ED80470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-107-0x000001ED80390000-0x000001ED803A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-106-0x000001ED80380000-0x000001ED80390000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-111-0x000001ED80470000-0x000001ED80480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-116-0x000001ED803A0000-0x000001ED803B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-118-0x000001ED80480000-0x000001ED80490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-117-0x000001ED803B0000-0x000001ED803C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-121-0x000001ED80490000-0x000001ED804A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-127-0x000001ED80400000-0x000001ED80410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-128-0x000001ED803C0000-0x000001ED803D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-129-0x000001ED803D0000-0x000001ED803E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-130-0x000001ED803E0000-0x000001ED803F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-133-0x000001ED80420000-0x000001ED80430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-132-0x000001ED80410000-0x000001ED80420000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-134-0x000001ED80430000-0x000001ED80440000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-135-0x000001ED80440000-0x000001ED80450000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-136-0x000001ED80450000-0x000001ED80460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-137-0x000001ED80460000-0x000001ED80470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-138-0x000001ED80470000-0x000001ED80480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-139-0x000001ED80480000-0x000001ED80490000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-140-0x000001ED80490000-0x000001ED804A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-142-0x000001EDF2AA0000-0x000001EDF2AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-143-0x000001ED804A0000-0x000001ED804B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-144-0x000001ED804A0000-0x000001ED804B0000-memory.dmp

    Filesize

    64KB

    Download