Managed XDR

1.hta (Cobalt Strike) — malware analysis report

File info

Filename
1.hta
File type
HTML document, ASCII text, with very long lines, with CRLF line terminators
File size
286.6 KB
First seen
Last seen

Environment

w10/x64 en (Windows 10, 64-bit, English locale)

Hashes

SHA1
246834b1c232e9d9817115d8c3725bb1145b1891
SHA256
d388fdbcb51377fdaf39309e784111d4db0168c7b7ada58455160c31f6cea2ae
MD5
ce6a0223f01f94811dfd4147e16a8208

Malware

  • Cobalt Strike

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497 evasion_printers: Attempts to detect a sandbox by enumerating the installed printers
T1497.002 antivm_usbstor: Reads USB storage device information from the registry (USBSTOR enumeration key)
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1497 evasion_printers: Attempts to detect a sandbox by enumerating the installed printers
T1497.002 antivm_usbstor: Reads USB storage device information from the registry (USBSTOR enumeration key)

Other

yara_rules: Matches static YARA rules
suspicious_network_port: Makes a TCP or UDP connection to a non-standard port
test_check_service: Starts a Windows service
antisandbox_check_graphics_card: Calls CreateDXGIFactory, potentially to fingerprint the graphics adapter (sandbox detection)
writes_data: Writes a large amount of data to disk
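The signature list above is what the sandbox reports, not how it reaches those verdicts. As an added example (not code from this report or from the sandbox vendor), the script below shows how a detection engineer could reproduce the same signature names over an API-call trace: it parses a trace, applies one rule per signature, and tags each hit with the ATT&CK technique used in this report. The trace is constructed for illustration and is not the real 1.hta execution log; the API-to-signature mapping, the "standard port" list and the 10 MiB write threshold are assumptions, so adjust them to your sandbox's own logging format and thresholds.

```python
"""Map a sandbox API-call trace onto the signature names used in this report.

Example code added to the report, not the sandbox's own rule engine. The
trace format ("<pid> <api> key=value ...") and every mapping below are
assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample trace: NOT the real 1.hta log, just one plausible call
# per signature so that every rule fires once.
SAMPLE_TRACE = r"""
1234 OpenProcessToken hProcess=0x1c8 desired=TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
1234 OpenThreadToken hThread=0x1d0 desired=TOKEN_QUERY
1234 EnumPrintersW flags=PRINTER_ENUM_LOCAL level=2
1234 RegOpenKeyExW key=HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR
1234 CreateDXGIFactory riid=IID_IDXGIFactory
1234 CredEnumerateW filter=NULL
1234 OpenSCManagerW access=SC_MANAGER_ALL_ACCESS
1234 StartServiceW name=ExampleSvc
1234 connect dst=203.0.113.7:8443 proto=tcp
1234 connect dst=203.0.113.7:443 proto=tcp
1234 WriteFile handle=0x2a0 bytes=52428800
"""

CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r"(\w+)=(\S+)")

# Assumed "well-known" ports; anything else counts as non-standard.
STANDARD_PORTS = {21, 22, 25, 53, 80, 110, 143, 443, 445, 465, 587, 993, 995, 3389}
LARGE_WRITE_BYTES = 10 * 1024 * 1024  # assumed threshold for writes_data


@dataclass(frozen=True)
class Call:
    pid: int
    api: str
    args: Dict[str, str]


def parse_trace(text: str) -> List[Call]:
    """Parse one call per line; lines that do not match the format are skipped."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        args = dict(ARG_RE.findall(m.group("args")))
        calls.append(Call(int(m.group("pid")), m.group("api"), args))
    return calls


Rule = Callable[[List[Call]], bool]


def _api_in(names) -> Rule:
    """Rule: any call to one of the named APIs."""
    return lambda calls: any(c.api in names for c in calls)


def _usbstor(calls: List[Call]) -> bool:
    """Registry read under the USB storage enumeration key."""
    return any(c.api.startswith("RegOpenKeyEx")
               and "\\ENUM\\USBSTOR" in c.args.get("key", "").upper()
               for c in calls)


def _nonstandard_port(calls: List[Call]) -> bool:
    """Outbound connect to a port outside STANDARD_PORTS."""
    for c in calls:
        if c.api == "connect" and ":" in c.args.get("dst", ""):
            if int(c.args["dst"].rsplit(":", 1)[1]) not in STANDARD_PORTS:
                return True
    return False


def _large_write(calls: List[Call]) -> bool:
    """Total bytes passed to WriteFile exceeds the assumed threshold."""
    total = sum(int(c.args.get("bytes", 0)) for c in calls if c.api == "WriteFile")
    return total >= LARGE_WRITE_BYTES


# (signature name from the report, ATT&CK ID from the report or None, rule)
RULES = [
    ("opens_process_token", "T1134", _api_in({"OpenProcessToken"})),
    ("opens_thread_token", "T1134", _api_in({"OpenThreadToken"})),
    ("evasion_printers", "T1497", _api_in({"EnumPrintersA", "EnumPrintersW"})),
    ("antivm_usbstor", "T1497.002", _usbstor),
    ("windows_credential_manager", "T1555.004",
     _api_in({"CredEnumerateA", "CredEnumerateW", "CredReadA", "CredReadW"})),
    ("antisandbox_check_graphics_card", None,
     _api_in({"CreateDXGIFactory", "CreateDXGIFactory1", "CreateDXGIFactory2"})),
    ("test_check_service", None, _api_in({"StartServiceA", "StartServiceW"})),
    ("suspicious_network_port", None, _nonstandard_port),
    ("writes_data", None, _large_write),
]


def match_signatures(trace_text: str) -> Dict[str, Optional[str]]:
    """Return {signature_name: technique_id} for every rule that fires."""
    calls = parse_trace(trace_text)
    return {name: technique for name, technique, rule in RULES if rule(calls)}


if __name__ == "__main__":
    for name, technique in match_signatures(SAMPLE_TRACE).items():
        print(f"{technique or '-':<10} {name}")
```

Each rule is deliberately a single behavioural predicate over the whole trace rather than a per-line match, so aggregate signatures such as writes_data (sum of write sizes) and suspicious_network_port (any one connection) share the same interface; when porting this to a real sandbox export, the only parts that should need changing are the two regular expressions and the argument keys.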

Related reports