cobaltstrike | e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/08/2023, 14:01

Target

e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe
Size

11KB
MD5

fcc4c4e38bc1368acaa5926bc976436f
SHA1

1392d6785477bc81aadb6a3920bbbb9f0e5aeb6a
SHA256

e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596
SHA512

d8d153ac6265abcb7793ed1f247e28c9933a74af9e1c90b71316a8aefbd364bb17374fbf1e2acd430dadd29f978c904d204596f1c5944fed5b3fa69f9e8c845c
SSDEEP

192:2mJbN+4Je67uhKS2ao9LRsJ6RR5mAVohSGAnYnkyUxaVXFaL1wcWk5:zJdeGP9L6J6RR5mxhmnYnnUxaVXALJ5

Score

10^/10

Family

cobaltstrike

http://116.211.148.181:800/Tbo8

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MALCJS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2584-54-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/2584-56-0x0000000000400000-0x0000000000410000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe
"C:\Users\Admin\AppData\Local\Temp\e1f715c37d2d5fed0be21cdf07acce133eba0897f7d2370de8784bbdb7779596.exe"
1⤵
PID:2584

memory/2584-54-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2584-55-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2584-56-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download