cobaltstrike | 2828-4-0x0000011949650000-0x000001194969F000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2828-4-0x0000011949650000-0x000001194969F000-memory.dmp
Size

316KB
MD5

e00f289141c8b2a37a9d9f3439a9dfa6
SHA1

5303c8325e85cf3d635c17da733fe7606feb6369
SHA256

8d2d26592c7a12cf465d0b07006a2186591a2c811a04defbad6fdcc404d1b2cc
SHA512

26246a295672b7d3f5b7001d5a78dee28d6912933b8ae8fa6931427b8ef40a6b86fa0e722bc1f9e0a990de3f3a5e994f730714f87e0ad7e159862f033ea7199b
SSDEEP

6144:uJqVG5d1IpMyibgkTZI6jHID90a26k26H/:u3d6tevoxG6k2M

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2828-4-0x0000011949650000-0x000001194969F000-memory.dmp

Files

2828-4-0x0000011949650000-0x000001194969F000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ