Cobalt Strike Beacon dropped by HTML Application (HTA) | VMRay Analyzer Report
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Target: win10_64 | html_application
Classification: Trojan, Keylogger, Downloader

d8ef1c4f64a05b1abf100044fcb7048c9526d175a114cb90bd134b80783da146 (SHA256)

Secure_Document_Plugin.hta

HTML Application

Created at 2018-02-15 18:28:00

...

Notifications (2/3)

Some memory dumps may be missing in the reports since the maximum number of dumps was reached during the analysis. You can increase the limit in the configuration settings.

Some memory dumps may be missing in the reports since the total dump size limit was reached during the analysis. You can increase the limit in the configuration settings.

The overall sleep time of all monitored processes was truncated from "11 minutes, 47 seconds" to "8 minutes, 50 seconds" to reveal dormant functionality.

Top Threat Indicators (View all 18 threat indicators)

Category Operation Classification
Injection Writes into the memory of another running process -
Injection Modifies control flow of another process -
File System Associated with malicious files Trojan

Screenshots

Monitored Processes

Process Graph

Process Graph Legend

Analysis Information

Creation Time 2018-02-15 19:28 (UTC+1)
Analysis Duration -
Number of Monitored Processes 8
Execution Successful True
Reputation Enabled True
Termination Reason Timeout
Tags
#cobalt_strike_beacon

Analyzer and Virtual Machine Information

Analyzer Version 2.2.0
Analyzer Build Date 2018-02-08 16:49 (UTC+1)
Adobe Acrobat Reader Version 17.012.20098
Microsoft Office 2016
Microsoft Office Version 16.0.4266.1003
Internet Explorer Version 11.0.10240.16384
Chrome Version 58.0.3029.110
Firefox Version 53.0.3
Flash Version 25.0.0.148
Java Version 8.0.1310.11
VM Name win10_64
VM Architecture x86 64-bit
VM OS Windows 10 Threshold 1
VM Kernel Version 10.0.10240.16384 (c68ee22f-dcf6-4778-95c5-4a862be16567)

Sample Information

ID #21062
MD5 Hash Value ad3b4198ce49b70d8bb804daf9741660
SHA1 Hash Value 5620e52094d75d3d8c47d4daade74fa45301e347
SHA256 Hash Value d8ef1c4f64a05b1abf100044fcb7048c9526d175a114cb90bd134b80783da146
Filename Secure_Document_Plugin.hta
File Size 0.69 KB
File Type HTML Application
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image