cobaltstrike | e903253b73d3e43e98088dce800bd5fb75c9b2786153c6d0150080c1d002bbb3

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 11:13

Target

WiFi驱动高危漏洞补丁.exe
Size

951KB
MD5

40d889427c3db5dcf479378dcac954c9
SHA1

e60fe132d8ddffd242f794b3ebbe2f8ab04824ff
SHA256

030405f03e9152882d7a480cd4af1ae1e60ab5e10a010c4ac98bad7d8b9c05b4
SHA512

97f2b968621647ca5de8ff99e321f8a3620a808e6b5af0085274a53ec1bbc6310ee7808e4b4f4d831bb18a7c3e78c8fd242f9aa9a276a5d3ac9070f32d7ed862
SSDEEP

12288:4QwwPAuxstPiXhK3WX89QLkTtgoYfZFV8BxNDCDZc5bP+MZQFVFmh/Z/4ANyB0:4QKuxst/3WugoBNGD9MaNB

Score

10^/10

Family

cobaltstrike

http://124.222.72.51:4433/fl9R

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4188	WiFi驱动高危漏洞补丁.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 2168	4188	WiFi驱动高危漏洞补丁.exe	83
PID 4188 wrote to memory of 2168	4188	WiFi驱动高危漏洞补丁.exe	83

C:\Users\Admin\AppData\Local\Temp\WiFi驱动高危漏洞补丁.exe
"C:\Users\Admin\AppData\Local\Temp\WiFi驱动高危漏洞补丁.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\System32\nslookup.exe
  "C:\Windows\System32\nslookup.exe"
  2⤵
  PID:2168

memory/2168-0-0x000002107B460000-0x000002107B461000-memory.dmp

Filesize
4KB

Download