Behavioral task
behavioral1
Sample
b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.dll
Resource
win10v2004-20241007-en
General
-
Target
b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.exe
-
Size
304KB
-
MD5
f4aec990ae46a6443ef7348de73035d0
-
SHA1
4556bf2ff9d76febce758cae54ee0f836e8d5260
-
SHA256
b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45
-
SHA512
cabd7605613e01e9595ab18a5f6e4f66c44c4323620817de19e045e9274b46191b976cb8368da4cbe3b00c40e8fd98db5b99ae076d0d6107a07ef1543f30de74
-
SSDEEP
3072:TJwpS2NACV4qAbypuljJGnJYoTjqETdtbsnOfFwXVa/eSbVjYJBaXM6ENeHnaH:TJwpYVNcn3pTdNe+WXViBjBNH
Malware Config
Extracted
cobaltstrike
0
-
watermark
0
Signatures
-
Cobaltstrike family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.exe
Files
-
b6a4707e9fed31a853d46ab9f588d0050f3807e2e5467613982364f7644fff45N.exe.dll windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ