Analysis
-
max time kernel
141s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
09/11/2024, 09:03
Static task
static1
Behavioral task
behavioral1
Sample
f98f0acf31dbb54bed25634456c9c96688306d6d77fd6776f3a99bea1c685e66.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f98f0acf31dbb54bed25634456c9c96688306d6d77fd6776f3a99bea1c685e66.exe
Resource
win10v2004-20241007-en
General
-
Target
f98f0acf31dbb54bed25634456c9c96688306d6d77fd6776f3a99bea1c685e66.exe
-
Size
19KB
-
MD5
4ce9966710a0a466a36a1b1c9ca5ca0a
-
SHA1
94ae38098318254df7d938afce5ebda3aacd006e
-
SHA256
f98f0acf31dbb54bed25634456c9c96688306d6d77fd6776f3a99bea1c685e66
-
SHA512
ff05b86fc9fff97f968f121316d7b36883acf347ec592d1e614898ee87d99be818da481f659d72f820fbd0f1e496465b74397d66ab026adbb4c1dbe7294233bc
-
SSDEEP
192:NeV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2qW8WF8qa1Dojjgi:NoqaCF31cix+Dc4zjbW5FF46gi
Malware Config
Extracted
cobaltstrike
http://192.168.137.130:8888/tVGL
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family