cobaltstrike | 0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/04/2023, 11:51

Target

0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d.dll
Size

423KB
MD5

3e08c0e69fc1bbd36b2bb09086fd30ad
SHA1

10f4ca6c28c6ed0cdff0f248989ee5e6e9bbc895
SHA256

0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d
SHA512

9f504024aaad0d5c03c75461495e480ee882891b91c3f51dcd8d868ca7d9fc7f54c26785e465a3575a18e582541e490451fd1bf20ce2767e09904539ba8aaf21
SSDEEP

6144:jMGDDQvmwEUXOHxoKBI0X3QAIxmxDwx3yBV+7a6FSNlXwRzHCrIy:jRgvmwytXgAIywwBVyXRk

Score

10^/10

Family

cobaltstrike

http://themerecord.com:443/__amazons_init.gif

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1692	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0119be634e488058593358c71ee835dd94124a7202e03aa9c62f52d21681f03d.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1692

memory/1692-54-0x000007FEFC900000-0x000007FEFC901000-memory.dmp

Filesize
4KB

Download
memory/1692-56-0x0000000002380000-0x0000000002390000-memory.dmp

Filesize
64KB

Download
memory/1692-58-0x0000000003020000-0x0000000003420000-memory.dmp

Filesize
4.0MB

Download