Overview

overview

10

Static

static

3

9278aea656...8d.dll

windows7-x64

10

9278aea656...8d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-09-2024 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9278aea6561d5cb76147702e104ab805b54303f6fe1ce598484efc3e443e988d.dll

  • Size

    17KB

  • MD5

    d4a2ed4f54b532c45a751f4c6cc7c238

  • SHA1

    87e60643b97cc6af95429ce9fb09a66260478da4

  • SHA256

    9278aea6561d5cb76147702e104ab805b54303f6fe1ce598484efc3e443e988d

  • SHA512

    7c02659c2ac8d959be59271fda7b328d3e2877c1beb27ac6cbff458aef773a4cee3c071bdc6a6fc2ee5742ec22195c6cafc04b2056d061a0ebcc9301647b021d

  • SSDEEP

    192:hAJlQmO0zw24dB36AkSvvwzWlKo8KhIPuK3BX7SO6TVKSMUZiTTTTTTTTTTTTTTV:hAJlu1F/vvwa4qkuKZHUZskJEZT

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.200.32:443/v2.0/identity/authorize

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/json;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9278aea6561d5cb76147702e104ab805b54303f6fe1ce598484efc3e443e988d.dll,#1
    1⤵
      PID:2472

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2472-0-0x0000022ED2D80000-0x0000022ED2D81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-1-0x00007FF9EDAB0000-0x00007FF9EDABD000-memory.dmp

      Filesize

      52KB

      Download