cobaltstrike | 21b5f1538730a9c35c240113310af6ffaf96c19aab9c1da391c40df8e3b75554

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2023 22:53

Target

21b5f1538730a9c35c240113310af6ffaf96c19aab9c1da391c40df8e3b75554.exe
Size

19KB
MD5

e294976a9609bae82c28379ec4da1e00
SHA1

8c9f46489812bd57cc4626b69e0f64a6e1fb8b1c
SHA256

21b5f1538730a9c35c240113310af6ffaf96c19aab9c1da391c40df8e3b75554
SHA512

bc2bd38ba0c6415b1f286d61087253cf62fca4af3af2fdb0580716591b7aa9eebd69e2a5c2e09e623ed35d4c01788e078d4301c62e7a82c76afe0c77ba48dc71
SSDEEP

192:LV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2FR7VWF8qa1Dojjgi:lqaCF31cix+Dc4zjK7YFF46gi

Score

10^/10

Family

cobaltstrike

http://111.229.211.161:59999/fH9v

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

Program crash 1 IoCs

pid	pid_target	Process	procid_target
852	2360	WerFault.exe	76

C:\Users\Admin\AppData\Local\Temp\21b5f1538730a9c35c240113310af6ffaf96c19aab9c1da391c40df8e3b75554.exe
"C:\Users\Admin\AppData\Local\Temp\21b5f1538730a9c35c240113310af6ffaf96c19aab9c1da391c40df8e3b75554.exe"
1⤵
PID:2360
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2360 -s 1132
  2⤵
  - Program crash
  PID:852

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 2360 -ip 2360
1⤵
PID:5068

memory/2360-133-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2360-134-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download