Analysis
-
max time kernel
140s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
23-11-2024 07:23
Static task
static1
Behavioral task
behavioral1
Sample
2a884ea7ed4795ee2c45c96c78076624c96ad56c2750220b22f3dbd7c90e7b57.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2a884ea7ed4795ee2c45c96c78076624c96ad56c2750220b22f3dbd7c90e7b57.exe
Resource
win10v2004-20241007-en
General
-
Target
2a884ea7ed4795ee2c45c96c78076624c96ad56c2750220b22f3dbd7c90e7b57.exe
-
Size
19KB
-
MD5
45b5cb8971f298961ebd76dd38e7124e
-
SHA1
1bfe7c3dfbae1b5e219f379d654c5ff190ebad00
-
SHA256
2a884ea7ed4795ee2c45c96c78076624c96ad56c2750220b22f3dbd7c90e7b57
-
SHA512
6487c5daece5dbf1a5baefc2569c1d6c1891217f4ae98770dae46fcc33c341e26765233d935626903e491b2fd7923799cbed873ef780b409c58a1b0263ed75f8
-
SSDEEP
192:qV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2xWv2a8WF8qa1Dojjgi:EqaCF31cix+Dc4zj8W5FF46gi
Malware Config
Extracted
cobaltstrike
http://192.168.199.75:8889/TlMP
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family