Analysis Overview
SHA256
fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98
Threat Level: Known bad
The file fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98 was found to be: Known bad.
Malicious Activity Summary
Cobaltstrike
Adds Run key to start application
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-14 14:54
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
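One way to reproduce the static "Unsigned PE" check, added here as an example and not the sandbox's own code: read the PE headers and look at data directory 4, the Attribute Certificate Table, which is where an embedded Authenticode signature lives. The two stub PE images are constructed by the block itself (`build_stub_pe`, `_fake_cert_table` and the placeholder certificate bytes are this example's, not real binaries or a real PKCS#7 blob).

```python
"""Check a PE image for an embedded Authenticode signature table.

Added example for the 'Unsigned PE' signature; not the sandbox's tooling. The PE
headers below are constructed in-block so the check runs offline.
"""
import struct
from typing import Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # index of the Attribute Certificate Table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # the type Authenticode uses


def security_directory(pe: bytes) -> Optional[Tuple[int, int]]:
    """Return (file offset, size) of the certificate table, or None if absent.

    Raises ValueError for non-PE input. (0, 0) means the directory slot exists
    but is empty, i.e. nothing is embedded.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at 92, directories start at 96
        n_rva_off, dir_off = 92, 96
    elif magic == 0x20B:    # PE32+: NumberOfRvaAndSizes at 108, directories start at 112
        n_rva_off, dir_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_rva = struct.unpack_from("<I", pe, opt + n_rva_off)[0]
    if n_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None         # header declares fewer directories than needed
    entry = opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_opt:
        return None
    # For this directory the first field is a file offset, not an RVA.
    return struct.unpack_from("<II", pe, entry)


def has_embedded_signature(pe: bytes) -> bool:
    """True only if the table is present, inside the file, and of PKCS#7 type."""
    d = security_directory(pe)
    if d is None:
        return False
    off, size = d
    if off == 0 or size < 8 or off + size > len(pe):
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)  # WIN_CERTIFICATE
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and length <= size


def build_stub_pe(sec_offset: int = 0, sec_size: int = 0,
                  pe32plus: bool = False, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE header (not runnable code) for exercising the check."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dir_off = 112 if pe32plus else 96
    size_opt = dir_off + 16 * 8                     # 16 data directories
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, dir_off - 4, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     sec_offset, sec_size)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, size_opt, 0x22)
    return dos + b"PE\0\0" + coff + bytes(opt) + trailer


def _fake_cert_table(payload: bytes) -> bytes:
    # WIN_CERTIFICATE: dwLength, wRevision (0x0200), wCertificateType (2 = PKCS#7 SignedData)
    return struct.pack("<IHH", 8 + len(payload), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload


UNSIGNED_STUB = build_stub_pe()
_cert = _fake_cert_table(b"\x30\x82" + b"\0" * 14)   # placeholder bytes, not a real signature
SIGNED_STUB = build_stub_pe(sec_offset=len(UNSIGNED_STUB), sec_size=len(_cert), trailer=_cert)

if __name__ == "__main__":
    for label, image in (("unsigned stub", UNSIGNED_STUB), ("signed stub", SIGNED_STUB)):
        print(f"{label}: directory={security_directory(image)} "
              f"embedded signature={has_embedded_signature(image)}")
```

This only establishes whether a certificate table is embedded; it says nothing about whether the signature verifies or who signed. For that use `Get-AuthenticodeSignature` in PowerShell or `signtool verify /pa`, and keep in mind that catalog-signed files (most of Windows itself) carry no embedded table at all, so absence alone is not proof of tampering.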
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-14 14:54
Reported
2024-09-14 14:56
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Cobaltstrike
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyAppName = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe" | C:\Users\Admin\AppData\Local\Temp\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe
"C:\Users\Admin\AppData\Local\Temp\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe"
Network
| Country | Destination | Domain | Proto | Count |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp | 1 |
| HK | 202.181.26.160:81 | 202.181.26.160 | tcp | 1 |
| HK | 202.181.26.160:8001 | 202.181.26.160 | tcp | 1 |
| US | 8.8.8.8:53 | 232.135.221.88.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 160.26.181.202.in-addr.arpa | udp | 1 |
| HK | 202.181.26.160:8001 | 202.181.26.160 | tcp | 20 |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp | 1 |
| HK | 202.181.26.160:8001 | 202.181.26.160 | tcp | 23 |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp | 1 |
| HK | 202.181.26.160:8001 | 202.181.26.160 | tcp | 40 |
Count: consecutive identical connections, collapsed from one row each.
Files
memory/4088-2-0x0000000002990000-0x0000000002991000-memory.dmp
memory/4088-4-0x00000000029A0000-0x0000000002DA0000-memory.dmp
memory/4088-3-0x0000000002DA0000-0x0000000003212000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-14 14:54
Reported
2024-09-14 14:56
Platform
win7-20240903-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Cobaltstrike
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyAppName = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe" | C:\Users\Admin\AppData\Local\Temp\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe | N/A |
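The Run-key write reported in both runs (behavioral2 on win10 and behavioral1 on win7) is Registry Run key persistence, ATT&CK T1547.001. The block below is an added example of how to triage such indicators, not the sandbox's own logic: it parses the indicator strings in the form printed above, splits the value into image and arguments, and flags an autostart target that lives in a user-writable temp location or whose file name is a bare hash. The two report lines are copied from this page; the OneDrive line, the `USER_WRITABLE` list and all function names are this example's own.

```python
"""Triage Run-key writes of the kind the sandbox reported above.

Added example for the 'Adds Run key to start application' signature in both
runs; not part of the sandbox's tooling. The first two indicator lines are
copied from this report, the OneDrive line is a constructed benign comparison.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Indicator format as printed in the report:
#   \REGISTRY\USER\<SID>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<name> = "<command>"
RUN_KEY_RE = re.compile(
    r"^\\REGISTRY\\(?:USER\\(?P<sid>S-1-5-21-[\d-]+)|MACHINE)"
    r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(?P<key>RunOnce|Run)"
    r"\\(?P<name>[^=]+?)\s*=\s*(?P<value>.+)$",
    re.IGNORECASE,
)
# Directories an installer does not normally use for an autostart target
# (lower-case substrings, first match wins). Assumed list, not from the report.
USER_WRITABLE = [
    ("\\appdata\\local\\temp\\", "the user temp directory"),
    ("\\windows\\temp\\", "Windows\\Temp"),
    ("\\appdata\\roaming\\", "the roaming profile"),
    ("\\users\\public\\", "Users\\Public"),
    ("\\programdata\\", "ProgramData"),
]
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32,}\.exe$", re.IGNORECASE)


@dataclass
class RunKeyEvent:
    sid: Optional[str]
    key: str
    name: str
    image: str
    args: str
    findings: List[str] = field(default_factory=list)


def split_command(value: str) -> Tuple[str, str]:
    """Split a Run value into (image path, arguments).

    The report prints the value with doubled backslashes and in quotes; both are
    undone here. An unquoted command is split at the first space.
    """
    value = value.strip().replace("\\\\", "\\")
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            return value[1:], ""
        return value[1:end], value[end + 1:].strip()
    image, _, args = value.partition(" ")
    return image, args


def parse_run_key_event(indicator: str) -> Optional[RunKeyEvent]:
    m = RUN_KEY_RE.match(indicator.strip())
    if not m:
        return None
    image, args = split_command(m.group("value"))
    return RunKeyEvent(m.group("sid"), m.group("key"), m.group("name").strip(), image, args)


def assess(event: RunKeyEvent) -> RunKeyEvent:
    """Attach findings; an empty list means nothing in the write itself looks off."""
    path = event.image.lower()
    base = path.rsplit("\\", 1)[-1]
    for prefix, label in USER_WRITABLE:
        if prefix in path:
            event.findings.append(f"autostart target lives in {label}")
            break
    if HEX_NAME_RE.match(base):
        event.findings.append("image name is a bare hash, not a product name")
    if event.name.lower() not in base:
        event.findings.append(f"value name {event.name!r} does not match the image name")
    return event


def triage(indicators: List[str]) -> List[RunKeyEvent]:
    return [assess(ev) for ev in map(parse_run_key_event, indicators) if ev is not None]


REPORT_LINES = [
    # behavioral2 (win10) and behavioral1 (win7) indicator rows from this report
    r'\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyAppName = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe"',
    r'\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyAppName = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe"',
    # constructed benign comparison, not from the report
    r'\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" /background',
]

if __name__ == "__main__":
    for ev in triage(REPORT_LINES):
        print(f"{ev.key}\\{ev.name} -> {ev.image} [{'SUSPICIOUS' if ev.findings else 'nothing notable'}]")
        for f in ev.findings:
            print("   -", f)
```

The hash-shaped file name is partly a sandbox artefact (the sample is renamed to its SHA256 before detonation), so on a live host the stronger signal is the first finding: a Run value pointing into `%TEMP%`. The same logic applies to registry-set events from Sysmon (Event ID 13) or an EDR, once the key path is normalised to the `\REGISTRY\USER\<SID>` form used here.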
Processes
C:\Users\Admin\AppData\Local\Temp\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe
"C:\Users\Admin\AppData\Local\Temp\fd4dd48ccc9024daac14710ba64c25e1df13123e90f34d2ef35a0ee462cf9e98.exe"
Network
| Country | Destination | Domain | Proto | Count |
| HK | 202.181.26.160:81 | 202.181.26.160 | tcp | 1 |
| HK | 202.181.26.160:8001 | 202.181.26.160 | tcp | 81 |
Count: consecutive identical connections, collapsed from one row each.
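Both runs show the same pattern: one connection to 202.181.26.160:81 followed by a long series of connections to 202.181.26.160:8001, neither a standard web port, and in the win10 run a reverse lookup of that very address (160.26.181.202.in-addr.arpa). The block below is an added example, not the sandbox's reporting, of how to turn rows in the sandbox's row format into per-destination counts and flag the beacon-like endpoint; `SAMPLE_TABLE` reproduces the behavioral2 destinations in constructed form (PTR rows abridged, the 84 identical :8001 rows generated rather than pasted), and `EXPECTED_PORTS`, `min_hits` and the function names are this example's assumptions.

```python
"""Summarise sandbox network rows into per-destination connection counts.

Added example for the Network tables of behavioral1 and behavioral2; not part of
the sandbox's reporting. Rows are parsed in the four-column form the sandbox
prints; a trailing count column, if present, is honoured too.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|\s*(?P<domain>[^|]+?)\s*\|"
    r"\s*(?P<proto>tcp|udp)\s*\|(?:\s*(?P<count>\d+)\s*\|)?\s*$"
)
# Ports a workstation is expected to reach on the internet; assumed, adjust per environment.
EXPECTED_PORTS = {80, 443}


@dataclass
class Destination:
    cc: str
    ip: str
    port: int
    proto: str
    hits: int = 0
    notes: List[str] = field(default_factory=list)


def ptr_to_ip(name: str) -> Optional[str]:
    """'160.26.181.202.in-addr.arpa' -> '202.181.26.160'; None for any other name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        return None
    return ".".join(reversed(octets))


def parse_rows(table: str) -> List[dict]:
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
                         "domain": m["domain"], "proto": m["proto"],
                         "count": int(m["count"] or 1)})
    return rows


def summarize(rows: List[dict], min_hits: int = 10) -> List[Destination]:
    """Aggregate non-DNS rows per (ip, port, proto) and annotate what stands out."""
    reverse_looked_up = set()
    dests: Dict[tuple, Destination] = {}
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            ip = ptr_to_ip(r["domain"])     # resolver traffic is context, not a destination to flag
            if ip:
                reverse_looked_up.add(ip)
            continue
        key = (r["ip"], r["port"], r["proto"])
        d = dests.setdefault(key, Destination(r["cc"], r["ip"], r["port"], r["proto"]))
        d.hits += r["count"]
    for d in dests.values():
        if d.port not in EXPECTED_PORTS:
            d.notes.append(f"non-standard port {d.port}")
        if d.hits >= min_hits:
            d.notes.append(f"{d.hits} connections to one endpoint in the run (beacon-like)")
        if d.ip in reverse_looked_up:
            d.notes.append("reverse DNS lookup of this address was also observed")
    return sorted(dests.values(), key=lambda d: d.hits, reverse=True)


# Constructed from the behavioral2 table: PTR rows abridged, :8001 rows generated.
_DNS = "| US | 8.8.8.8:53 | {} | udp |"
_C2 = "| HK | 202.181.26.160:8001 | 202.181.26.160 | tcp |"
SAMPLE_TABLE = "\n".join(
    [_DNS.format("13.86.106.20.in-addr.arpa"), _DNS.format("240.143.123.92.in-addr.arpa"),
     "| HK | 202.181.26.160:81 | 202.181.26.160 | tcp |", _C2,
     _DNS.format("160.26.181.202.in-addr.arpa")]
    + [_C2] * 83
)

if __name__ == "__main__":
    for d in summarize(parse_rows(SAMPLE_TABLE)):
        print(f"{d.cc} {d.ip}:{d.port}/{d.proto} hits={d.hits}")
        for n in d.notes:
            print("   -", n)
```

Connection count alone separates a beacon from a one-off download only loosely; with packet timestamps the next step is to check inter-arrival regularity, which the table on this page does not carry. The reverse lookup of the C2 address is worth noting on its own: a host that resolves its own beacon destination's PTR record is leaving a second, DNS-side trace of the same infrastructure.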
Files
memory/2100-2-0x0000000002460000-0x0000000002461000-memory.dmp
memory/2100-4-0x0000000003090000-0x0000000003490000-memory.dmp
memory/2100-3-0x0000000003490000-0x0000000003902000-memory.dmp