cobaltstrike | 52af796870be2525bd0f7a18167f46045c1b2d0136a6018e1b80329490d8beb9

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2022 06:34

Target

52af796870be2525bd0f7a18167f46045c1b2d0136a6018e1b80329490d8beb9.exe
Size

72KB
MD5

315a5c5871b0de15997d187b93b94d97
SHA1

3ac598e3c0b67b800ff8cab0fa47ba83f3957ce0
SHA256

52af796870be2525bd0f7a18167f46045c1b2d0136a6018e1b80329490d8beb9
SHA512

aaa44261e8656cefd9ae5655c6399345b2803f2876716876c6d6033d661428facf77d54c8fced1b970c46dae8ca08ae3091a819b2774ab9c60713ea266b53f06
SSDEEP

1536:I35yR9gmdfXpxS01ZOty51jWMb+KR0Nc8QsJq39:O5SgsfZBGtje0Nc8QsC9

Score

10^/10

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Downloads MZ/PE file

C:\Users\Admin\AppData\Local\Temp\52af796870be2525bd0f7a18167f46045c1b2d0136a6018e1b80329490d8beb9.exe
"C:\Users\Admin\AppData\Local\Temp\52af796870be2525bd0f7a18167f46045c1b2d0136a6018e1b80329490d8beb9.exe"
1⤵
PID:3028

memory/3028-132-0x0000000002DF0000-0x0000000002E21000-memory.dmp

Filesize
196KB

Download
memory/3028-137-0x0000000003290000-0x0000000003690000-memory.dmp

Filesize
4.0MB

Download
memory/3028-138-0x0000000002E70000-0x0000000002ECF000-memory.dmp

Filesize
380KB

Download
memory/3028-144-0x0000000002ED0000-0x0000000002EF1000-memory.dmp

Filesize
132KB

Download
memory/3028-148-0x0000000003090000-0x0000000003290000-memory.dmp

Filesize
2.0MB

Download
memory/3028-149-0x0000000002CF0000-0x0000000002DF0000-memory.dmp

Filesize
1024KB

Download
memory/3028-150-0x0000000003090000-0x0000000003290000-memory.dmp

Filesize
2.0MB

Download
memory/3028-151-0x0000000002CF0000-0x0000000002DF0000-memory.dmp

Filesize
1024KB

Download