Analysis
max time kernel: 135s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 09:03
Static task: static1
Behavioral task: behavioral1
Sample: 6e72f01bb248b5f7175d5a0b1ac21275421e2524744bde87f60e5fabfaad97db.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 6e72f01bb248b5f7175d5a0b1ac21275421e2524744bde87f60e5fabfaad97db.exe
Resource: win10v2004-20241007-en
General
Target: 6e72f01bb248b5f7175d5a0b1ac21275421e2524744bde87f60e5fabfaad97db.exe
Size: 1.7MB
MD5: 213c2fe5038a7f0a3345b9fcf6e7661e
SHA1: f46537f0a8b925521cd796f417094b28928bcfaa
SHA256: 6e72f01bb248b5f7175d5a0b1ac21275421e2524744bde87f60e5fabfaad97db
SHA512: daf9abd83cef88ed829fa43b3579fab8fdc461a8ace95f5c0f1aa3e5f640a18d3ec434ce3953e91067453173dc986666e1bc3f22369a510c94a54b0d918ec762
SSDEEP: 24576:p7QhLZMd38IUqTkaODfL44x5w93TYLAqH9IhHT3ef8ZBTwkil:p7Q5ZMd3kqEx5mRqH9IxTT6l
Malware Config
Extracted
cobaltstrike
http://192.168.137.130:8888/LFqZ
user_agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
Cobaltstrike family