cobaltstrike | 2de0c28fcb5a2f474ef64657f5af1894ac7250ad04c10ac2e47662e5ad63c5ee | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Analysis

max time kernel
143s
max time network
146s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18/12/2022, 21:45

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

cobaltstrike backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

cobaltstrike backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

tmp.exe
Size

14KB
MD5

38e683a907676cdd089ffbdae499835d
SHA1

10a04a9b411d09bc41a7f768f4c7cda20a5d62dc
SHA256

2de0c28fcb5a2f474ef64657f5af1894ac7250ad04c10ac2e47662e5ad63c5ee
SHA512

b823d33a2fb86b2e044be5b8aa50e1ef970726d02e3d4cc84f868054ba1e33eedfe08c8e35c6a467aa3f8a9b9c6ce87ef889c54ee64d64ce4e62a72daa393f73
SSDEEP

192:ADH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzxp3FbqUqV/Qjo7AGa:AT+kGKqbOCdWIVBff+xzxphfCXAn

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Processes

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
PID:1088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1088-55-0x0000000003BB0000-0x0000000003FB0000-memory.dmp

Filesize
4.0MB

Download
memory/1088-56-0x0000000002700000-0x0000000002735000-memory.dmp

Filesize
212KB

Download

© 2018-2025

Terms | Privacy