cobaltstrike | bd2475288e3753ab87602e5b0c51b212c5bac79bef0fbebecfca961c17aaa21d | Triage

Analysis

max time kernel
132s
max time network
139s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 06:45

Sharing

Report Analysis Logs

General

Target

建筑工人实名制管理平台标准化服务接口登记信息.exe
Size

2.4MB
MD5

1a0e50a7a3bb6056f7f58919f35111bf
SHA1

559f7cd0ee4b1b9da70bd58f51df8653f779f19d
SHA256

bd2475288e3753ab87602e5b0c51b212c5bac79bef0fbebecfca961c17aaa21d
SHA512

956dc91c3f469c317e62d6b268eb8002f13abf2a952853be5aee4a5ca559666a75668ccba18d46a89a096ed474013e1bb6758dab595291ff72714b7bdd8796ed
SSDEEP

24576:YURHk6/fx3m2wYCP5G5irGCuFqE5g87PY3cxlD1:YyEcfxW2wYQY5IGCmg87Pa2lD1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://139.224.216.18:443/react.development.js

Attributes

user_agent
Accept: text/html, application/xhtml+xml, image/jxr, */* Referer: https://unpkg.com/browse/[email protected]/umd/ User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Win64; x64; Trident/4.0)

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

建筑工人实名制管理平台标准化服务接口登记信息.exe

description	pid	Process	procid_target
PID 2856 wrote to memory of 2060	2856	建筑工人实名制管理平台标准化服务接口登记信息.exe	32
PID 2856 wrote to memory of 2060	2856	建筑工人实名制管理平台标准化服务接口登记信息.exe	32
PID 2856 wrote to memory of 2060	2856	建筑工人实名制管理平台标准化服务接口登记信息.exe	32
PID 2856 wrote to memory of 2060	2856	建筑工人实名制管理平台标准化服务接口登记信息.exe	32
PID 2856 wrote to memory of 2060	2856	建筑工人实名制管理平台标准化服务接口登记信息.exe	32

C:\Users\Admin\AppData\Local\Temp\建筑工人实名制管理平台标准化服务接口登记信息.exe
"C:\Users\Admin\AppData\Local\Temp\建筑工人实名制管理平台标准化服务接口登记信息.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2060-2-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2060-0-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download