Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2024 11:19
Behavioral task
behavioral1
Sample
ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01.exe
Resource
win10v2004-20241007-en
General
-
Target
ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01.exe
-
Size
635KB
-
MD5
98d579e1239477105f72783e32e4409b
-
SHA1
089302c664e779c866b43dcb0cc42f7c312c5312
-
SHA256
ce1d1ee0edb1713cf4e7dd5346e705be5337908e9940ca9b353fa0e28500dc01
-
SHA512
0f453944c57cdca0fcc4e44fc2e45c277b032716ff4daa71fea775b99d9c5e740d1383e33a48c0e030515e5c2ed331d59b19d8a13abc9d1e236b22ca3a1a2d04
-
SSDEEP
6144:ory6hE6iIN51UbBBuJVPT7BcHlFOJ3quOTBcYMezRGSUkPgDo:ZaE7wTU0PT7BcHO3qu8TMMIDo
Malware Config
Extracted
cobaltstrike
http://192.168.241.130:9999/jquery-3.3.2.slim.min.js
-
user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Signatures
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
Cobaltstrike family