cobaltstrike | 58d82393590ce456b7464fa723218fcb67323f15fa4f5794a1f5fd9818032f44

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f53a3aab3577f84585d454f740674153_JaffaCakes118.js
Size

927KB
MD5

f53a3aab3577f84585d454f740674153
SHA1

f1cb2e77d4a46528b3041f3f5eda0db7dc9d9f07
SHA256

58d82393590ce456b7464fa723218fcb67323f15fa4f5794a1f5fd9818032f44
SHA512

59c8dd71a8d4df5211b259e9422c3d376fa08c0d866394ddcc0d24d0b0e6f04b79941121ab01efa5d730e34d2a866d2378a86edfce019894e477673d2a9bc556
SSDEEP

24576:HG3ZRx1744y480k0rdGPKEfpCn16BObdv:m3Z718+80k7KEfpOzdv

Score

10^/10

cobaltstrike backdoor execution trojan

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 4844	3420	wscript.exe	81
PID 3420 wrote to memory of 4844	3420	wscript.exe	81
PID 3420 wrote to memory of 4844	3420	wscript.exe	81

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\f53a3aab3577f84585d454f740674153_JaffaCakes118.js
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Windows\System32\mstsc.exe
  C:/Windows/System32/mstsc.exe
  2⤵
  PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3420-0-0x00007FFD088B3000-0x00007FFD088B5000-memory.dmp

Filesize
8KB

Download
memory/3420-1-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/3420-2-0x000001D4BA040000-0x000001D4BA1BE000-memory.dmp

Filesize
1.5MB

Download
memory/3420-3-0x000001D4BA8F0000-0x000001D4BAE18000-memory.dmp

Filesize
5.2MB

Download
memory/3420-4-0x000001D4A0DC0000-0x000001D4A0E72000-memory.dmp

Filesize
712KB

Download
memory/3420-7-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/4844-6-0x0000024DD9710000-0x0000024DD9781000-memory.dmp

Filesize
452KB

Download