cobaltstrike | 1456-83-0x0000000002E00000-0x0000000002E52000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1456-83-0x0000000002E00000-0x0000000002E52000-memory.dmp
Size

328KB
MD5

4125d49624b4d76f69e40fb6e9a41893
SHA1

0fdb1a2996f2ee388ce9c5df6c1f82ad1ad2d736
SHA256

c70ee9898cf59c72813be6e5521d08c29d3715081e1ac05056c54066659f802f
SHA512

632bec48426f27a2e54be7f50c5573c06950bedeb5de92371b2167f0abc0a4a9b54717fe34f07834a3d490a063f2351273aba948e0e969f6dc46b8d75f201c1d
SSDEEP

3072:RzbINhWl+CIbrqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLyi1dYJ3E6vzHklaTfz:RzbUyootfDCvT4ZTXzCLLdCBjfrKM

Score

10^/10

cobaltstrike

Malware Config

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1456-83-0x0000000002E00000-0x0000000002E52000-memory.dmp

Files

1456-83-0x0000000002E00000-0x0000000002E52000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ