cobaltstrike | 8d8eb285e5c89bb7c2ae1ca2b7a683b48f0db9731e3482785df7570318ef1954

Analysis

max time kernel
62s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2022 04:51

Target

b0cbb9bd928f9759c0070a51d998eba8.exe
Size

72KB
MD5

b0cbb9bd928f9759c0070a51d998eba8
SHA1

e95bdb557b6e495705658167e1fc5c17a3edcb6c
SHA256

8d8eb285e5c89bb7c2ae1ca2b7a683b48f0db9731e3482785df7570318ef1954
SHA512

ffdff25165d44dfba88311a03e4879f275c33722a5e2a1b3fb373dbb99c09a61c1c1a801a543326c54cc50781d95864d7070148d96d22a4bffbddd9c3d77c1e1
SSDEEP

1536:IhpZn8Gou/demR7Sr0az/LPMsEbIbwMnsfgMb+KR0Nc8QsJq39:O8GouFZlLazzPMslRs4e0Nc8QsC9

Score

10^/10

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\b0cbb9bd928f9759c0070a51d998eba8.exe
"C:\Users\Admin\AppData\Local\Temp\b0cbb9bd928f9759c0070a51d998eba8.exe"
1⤵
PID:1296

memory/1296-132-0x0000000000A00000-0x0000000000A31000-memory.dmp

Filesize
196KB

Download
memory/1296-136-0x00000000005C0000-0x00000000005EB000-memory.dmp

Filesize
172KB

Download
memory/1296-138-0x00000000027A0000-0x00000000027FF000-memory.dmp

Filesize
380KB

Download
memory/1296-143-0x00000000026A0000-0x00000000027A0000-memory.dmp

Filesize
1024KB

Download
memory/1296-145-0x0000000000B80000-0x0000000000BA1000-memory.dmp

Filesize
132KB

Download
memory/1296-149-0x00000000026A0000-0x00000000027A0000-memory.dmp

Filesize
1024KB

Download
memory/1296-150-0x00000000026A0000-0x00000000027A0000-memory.dmp

Filesize
1024KB

Download
memory/1296-151-0x00000000026A0000-0x00000000027A0000-memory.dmp

Filesize
1024KB

Download