cobaltstrike | 5d5a02e093506ac20791a3b53a1ec5d824592d8ab7652f5d040a32f4aaa84300 | Triage

Submit
Reports

Overview

overview

Static

static

renkill.exe

windows7-x64

renkill.exe

windows10-2004-x64

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
17/12/2022, 00:19

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

renkill.exe

Resource

win7-20221111-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

renkill.exe

Resource

win10v2004-20220812-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

renkill.exe
Size

14KB
MD5

8c479b1f258e559240804dcb3eda1e1f
SHA1

52bc79d4a8272f161eab55102c0698017d750f7c
SHA256

5d5a02e093506ac20791a3b53a1ec5d824592d8ab7652f5d040a32f4aaa84300
SHA512

71b1dedb74eb8445ddd385d91733c610062669e06162545c0d35383cbb00fc18919059cc86998fd398c1685235c627cb05e153359b0b29e8db6e490aa32353b0
SSDEEP

192:o3mbPYCfMcrfOIuZmvKQxtzlSIVX6NO3xwO4rejDMN1:HMCfrfQ6tBSIZe3eUN1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\renkill.exe
"C:\Users\Admin\AppData\Local\Temp\renkill.exe"
1⤵
PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4652-132-0x0000000003920000-0x0000000003D20000-memory.dmp

Filesize
4.0MB

Download
memory/4652-133-0x0000000003D20000-0x0000000003D61000-memory.dmp

Filesize
260KB

Download

© 2018-2025

Terms | Privacy