cobaltstrike | 4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24

General

Target

4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe
Size

830KB
MD5

8f4aa27d4f7adf1dba54fda189c7dc5a
SHA1

dd2175073484a08d74a950f4c3e7f024843b46e7
SHA256

4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24
SHA512

7eba97cd52b970b243f352dbc0862441c6bd2f705347d196d56f9c27cdced2a73157237b2d27c6047ecd34fb90029e95f5420d6bb2cc20d76aee31af07f37b68
SSDEEP

12288:H9AJkL2RteaZhiIEvPkmzxpzdMeDSPtJyVUD10vrx/:HaJkLCA4uH5l/+JyK2R

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://:0

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe

description	pid	process	target process
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe
PID 3184 wrote to memory of 4052	3184	4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe	notepad.exe

C:\Users\Admin\AppData\Local\Temp\4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe
"C:\Users\Admin\AppData\Local\Temp\4dcf71294c2eac9daea67264934f4bc2842809cea249d3aae052290a2f656c24.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3184

C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
2⤵
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4052-132-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-133-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-134-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-135-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-136-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-137-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-138-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-139-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-140-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-141-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-143-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-144-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-142-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-145-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-146-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-147-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-148-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-149-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-150-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-152-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-151-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-153-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-154-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-156-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-157-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-158-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-159-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-162-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-163-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-161-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-160-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-164-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-165-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-166-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-168-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-167-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-169-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-170-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-171-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-173-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-174-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-172-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-176-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-177-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-178-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-179-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-175-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-180-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-181-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-182-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-183-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-184-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-185-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-186-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-187-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-188-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-189-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-190-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-191-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-192-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-193-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-194-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download
memory/4052-195-0x000001A51F160000-0x000001A51F1A1000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads