Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-09-2024 10:27

General

  • Target

    86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe

  • Size

    19KB

  • MD5

    20d21c6566e1af3caa82be1b5a816ee1

  • SHA1

    bb437d5471b6ccf5ef6f343e6355906ba5d35526

  • SHA256

    86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585

  • SHA512

    673f92c0b38f63733286a366cbffacfcd0378572f3921fde962722b58cedc53d89b4d7523b4257ef021f2af94b183ca68ed7f91558529b05d34c33d5a889c9b3

  • SSDEEP

    192:uV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2wpCiF1WF8qa1Dojjgi:4qaCF31cix+Dc4zjxpCPFF46gi

Malware Config

Extracted

Family

cobaltstrike

C2

http://192.168.49.128:4444/oP9e

(192.168.49.128 is an RFC 1918 private address, i.e. a lab or internal-range C2 rather than an Internet host.)

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)
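The extracted C2 URL and User-Agent above are enough for a first-pass check. The Python below is an added example, not code from the sandbox or this report: it classifies the stager URI using the checksum8 convention that Cobalt Strike's default staging shares with Metasploit (sum of the URI bytes without the leading slash, mod 256; 92 = x86, 93 = x64), and scans a few constructed, tab-separated proxy log lines (made up for this example, not from the sandbox run) for the C2 host:port, the extracted User-Agent, or a four-character path with a known stager checksum. The four-character length filter is a simplifying assumption of the example.

```python
from urllib.parse import urlparse

# Indicators copied from the report's "Malware Config" section.
C2_URL = "http://192.168.49.128:4444/oP9e"
USER_AGENT = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)"

# checksum8 values used by Cobalt Strike's default staging (Metasploit convention).
STAGER_CHECKSUMS = {92: "x86", 93: "x64"}


def checksum8(uri_path: str) -> int:
    """Sum of the ASCII bytes of the URI path, without the leading '/', mod 256."""
    return sum(uri_path.lstrip("/").encode("ascii")) % 256


def classify_stager_url(url: str):
    """Return (host, port, checksum8, arch-or-None) for a staging URL."""
    parsed = urlparse(url)
    cs = checksum8(parsed.path)
    return parsed.hostname, parsed.port, cs, STAGER_CHECKSUMS.get(cs)


# Constructed proxy log lines for the example (tab-separated:
# time, client, host:port, path, user-agent). Not taken from the sandbox run.
SAMPLE_LOG = (
    "2024-09-21T10:27:31Z\t10.0.0.5\t192.168.49.128:4444\t/oP9e\t"
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)\n"
    "2024-09-21T10:27:40Z\t10.0.0.7\twww.example.com:443\t/index.html\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/128.0\n"
    "2024-09-21T10:28:02Z\t10.0.0.9\t203.0.113.8:80\t/Kp2o\t"
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)\n"
)


def find_beacon_hits(log_text: str, c2_url: str = C2_URL, user_agent: str = USER_AGENT):
    """Return one dict per log line that matches the C2 host:port, the extracted
    User-Agent, or a four-character path whose checksum8 is a known stager value.
    Each hit lists every reason that fired so an analyst can weigh weak signals."""
    c2 = urlparse(c2_url)
    c2_hostport = f"{c2.hostname}:{c2.port}"
    hits = []
    for line in log_text.splitlines():
        ts, client, hostport, path, ua = line.split("\t", 4)
        reasons = []
        if hostport == c2_hostport:
            reasons.append("c2-host")
        if ua == user_agent:
            reasons.append("c2-user-agent")
        cs = checksum8(path)
        # Four-character paths only: a simplifying assumption for this example.
        if len(path.lstrip("/")) == 4 and cs in STAGER_CHECKSUMS:
            reasons.append(f"checksum8={cs}:{STAGER_CHECKSUMS[cs]}")
        if reasons:
            hits.append({"time": ts, "client": client, "dest": hostport, "reasons": reasons})
    return hits


if __name__ == "__main__":
    print(classify_stager_url(C2_URL))
    for hit in find_beacon_hits(SAMPLE_LOG):
        print(hit)
```

For this sample the path `/oP9e` sums to 93, so the staging URL requests an x64 stage. The checksum8 match alone is a weak signal (one in 256 random four-character paths collides), which is why the scanner reports every reason that fired rather than a single verdict; in practice pair it with the host:port and User-Agent indicators, as the third log line shows for a different host.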

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe"
    PID: 2904

    Network

    All recorded flows go from the sample to the extracted C2 endpoint. Columns are destination, process, size and count as shown in the report:

    • 192.168.49.128:4444 | 86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe | 152 B | 3 (this entry appears seven times)
    • 192.168.49.128:4444 | 86bb5973db922636e58d422ff8ba3ffbd11f1478c10df5063df0a3c3a80c0585.exe | 52 B | 1

    The report's other network views show "No results found".

    Downloads

    • memory/2904-0-0x0000000000020000-0x0000000000021000-memory.dmp

      Filesize

      4KB

    • memory/2904-1-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB
