Overview

overview

10

Static

static

3

temp.1.exe

windows7-x64

10

temp.1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2024 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    temp.1.exe

  • Size

    68KB

  • MD5

    e5852100b1ecba5fce3684062e08ec7f

  • SHA1

    7ffba89c4723c17c111bcca280a2ef673b9a607b

  • SHA256

    66a52de66fee86d212ada38411fedd95b4eba6a3975f7a2ce5f8535ecfefacfb

  • SHA512

    1a9dda95a83bae8cba67f35a46458da00742681185602b38bf82aca90befb70332ff46a1a9e6a59d0d7e4c9a1a1505f3bc86e42d29dcd5c626fa683d05e50ae9

  • SSDEEP

    1536:80UVLhHOnhCk96KN/ysvrS1MSNefO8DtVN:8DBC7hNasrS1MSNeftDt

Score
10/10
cobaltstrikebackdoortrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://sertificationgameconnect.xyz:8443/jquery-3.3.2.slim.min.js

Attributes
  • user_agent

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\temp.1.exe
    "C:\Users\Admin\AppData\Local\Temp\temp.1.exe"
    1⤵
      PID:2668

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2668-0-0x00000237E38C0000-0x00000237E38C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2668-3-0x00000237E3CD0000-0x00000237E40D0000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2668-2-0x00000237E40D0000-0x00000237E4542000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2668-4-0x00000237E40A0000-0x00000237E40A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2668-5-0x00007FF687830000-0x00007FF687848000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2668-6-0x00000237E3CD0000-0x00000237E40D0000-memory.dmp

      Filesize

      4.0MB

      Download