Analysis
-
max time kernel
132s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
22-11-2024 05:13
Static task
static1
Behavioral task
behavioral1
Sample
a685467531566053cedef55d0d14498490798314cc1ee5c1039813793d3666f3.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a685467531566053cedef55d0d14498490798314cc1ee5c1039813793d3666f3.exe
Resource
win10v2004-20241007-en
General
-
Target
a685467531566053cedef55d0d14498490798314cc1ee5c1039813793d3666f3.exe
-
Size
1.6MB
-
MD5
232c4272e0ca9fde1d0768ba7b6d9000
-
SHA1
16f37214d154e87ee71619b6e8e582e973606522
-
SHA256
a685467531566053cedef55d0d14498490798314cc1ee5c1039813793d3666f3
-
SHA512
21252c0f914d605284d403c7773625c44cc23a3f7ae2c243c1cdfa73264111e862871c29911d0096f545d0d7579f3ae05e00d1eca831c8ffeb13a800a14a0e0b
-
SSDEEP
12288:AhETHAGC3bZj8pdfEU0db8RRiDHaLkXb4gcuOMkZILfaBOL7MfO79uGraL5rr8Ax:Qh1qh374XbJcu3+n9gWhV337K1tdxK
Malware Config
Extracted
cobaltstrike
http://54.169.178.61:5012/IYuF
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSSEM)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family