Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25-09-2024 09:37
General
-
Target
e44ee80a8208608a2caa5a77abf583dd20a101f880571cd3a1d1b8f6ce681769.exe
-
Size
19KB
-
MD5
e6a93940a4a85d0388cb1f86295820d1
-
SHA1
cf40e70161d6f05061f35603503cd7993d7e1f82
-
SHA256
e44ee80a8208608a2caa5a77abf583dd20a101f880571cd3a1d1b8f6ce681769
-
SHA512
84806ce162663b8cfa83dcff90482c113598cda79172c518ab3540ecdf5d0825c8b2427f6d95dfc3d5a9bc2ab698e2d38a5fcc15da077fe914c55e57fd0cdd89
-
SSDEEP
192:IV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2oXHCw6axYWF8qa1Dojjgi:6qaCF31cix+Dc4zjNv6OtFF46gi
Score
10/10
Malware Config
Extracted
Family
cobaltstrike
C2
http://192.168.0.108:80/4Fqr
Attributes
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
Processes
-
C:\Users\Admin\AppData\Local\Temp\e44ee80a8208608a2caa5a77abf583dd20a101f880571cd3a1d1b8f6ce681769.exe"C:\Users\Admin\AppData\Local\Temp\e44ee80a8208608a2caa5a77abf583dd20a101f880571cd3a1d1b8f6ce681769.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4180,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:81⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
48KB