cobaltstrike | 3028-132-0x0000000002DF0000-0x0000000002E21000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3028-132-0x0000000002DF0000-0x0000000002E21000-memory.dmp
Size

196KB
MD5

242b7584e905be3594d7103b7157f54b
SHA1

2def4f19660e3112536feeab79a560d8c261159c
SHA256

94cfffc14826217a2e2391368136093f00ececa7c66b82600e75907936e472fe
SHA512

fee6fd198abc23990ba719d30288943c1b3851febbdc8afdb86f156f00101c4c122ad3e8221d0f75178a4da8cfc0c1ea0978e59132b3d06c7b59dd006784ee8b
SSDEEP

3072:lsxlRPRNU5694Ppq/ZufvBZotKxjGtvK:Gx7PmlQEn3xjYK

Score

10^/10

cobaltstrike

Malware Config

Signatures

Cobaltstrike family
cobaltstrike

Files

3028-132-0x0000000002DF0000-0x0000000002E21000-memory.dmp
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ