cobaltstrike | c0545200569496754aa5a4c3000af185b56b819409a561f7a5cc5c6bb3015f8b

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2023, 07:51

Target

c0545200569496754aa5a4c3000af185b56b819409a561f7a5cc5c6bb3015f8b.exe
Size

2.6MB
MD5

c2ef24ba11461cbffb1a6a81c36309bf
SHA1

fcb01e98c545261616b6f14bb91d5beb2ba25ca4
SHA256

c0545200569496754aa5a4c3000af185b56b819409a561f7a5cc5c6bb3015f8b
SHA512

18003e55368c94f2a8172a46f29bae1d9e94f9da3512367ce74abf5dcbf259fde5d0868523dedff9391fae8a2e294d5bc5630ab8d638ebb3356bfd27c296154d
SSDEEP

49152:Xr7lm/8Drb/TXvO90dL3BmAFd4A64nsfJlKLrXGHW+LOfUetZRmX6ilNKg+DeQH8:Xrg/x+Ver

Score

10^/10

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\c0545200569496754aa5a4c3000af185b56b819409a561f7a5cc5c6bb3015f8b.exe
"C:\Users\Admin\AppData\Local\Temp\c0545200569496754aa5a4c3000af185b56b819409a561f7a5cc5c6bb3015f8b.exe"
1⤵
PID:1180

memory/1180-133-0x00007FFDC5EB0000-0x00007FFDC5F6E000-memory.dmp

Filesize
760KB

Download
memory/1180-134-0x00007FFDC5400000-0x00007FFDC56C9000-memory.dmp

Filesize
2.8MB

Download
memory/1180-135-0x00007FFDC74F0000-0x00007FFDC759C000-memory.dmp

Filesize
688KB

Download
memory/1180-136-0x00007FFDC77F0000-0x00007FFDC79E5000-memory.dmp

Filesize
2.0MB

Download
memory/1180-138-0x000000C000000000-0x000000C000400000-memory.dmp

Filesize
4.0MB

Download
memory/1180-139-0x000001902E9D0000-0x000001902EA1E000-memory.dmp

Filesize
312KB

Download
memory/1180-140-0x000000C000000000-0x000000C000400000-memory.dmp

Filesize
4.0MB

Download
memory/1180-141-0x000001902E9D0000-0x000001902EA1E000-memory.dmp

Filesize
312KB

Download