cobaltstrike | f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f

Analysis

max time kernel
150s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 10:54

Target

f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f.exe
Size

60KB
MD5

9c7828e9ae2d9a7682cca84af65937bc
SHA1

3eea3832d5765315937cb48b34af1301d98a6efb
SHA256

f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f
SHA512

4b0e32ddeab24af9542fc48be150527ba229aec7bbca8bb13f9b56246a4e6a0b20b15f7625cbb7012a72920a9eb3e3fc945fc065e3e97a4bcf63b812c58f8409
SSDEEP

1536:jL0AzrN5OugTBlsAYmB3BWeQcEWtQkvTa:TzrN5OugTYfuWeQcntQya

Score

10^/10

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f.exe

pid process

2688 f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f.exe

pid	process
2688	f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f.exe

C:\Users\Admin\AppData\Local\Temp\f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f.exe
"C:\Users\Admin\AppData\Local\Temp\f8d0d23a98dafbfdd76ad617f20889be52f1e25750f11e7bc74bef156f87217f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2688

memory/2688-132-0x00000000021F0000-0x00000000021F8000-memory.dmp

Filesize
32KB

Download
memory/2688-136-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download