cobaltstrike | 1784-1-0x00000000007B0000-0x00000000007FE000-memory[.]dmp | Triage

Sharing

General

Target

1784-1-0x00000000007B0000-0x00000000007FE000-memory.dmp
Size

312KB
MD5

dbcc8a5d4b852a10055829e83430f29f
SHA1

8a4a7473a4657f5bc61827da818ab79421fc0f92
SHA256

206e78bee766a297dea4f6fcf55fde0f7a34f7d90e0bb075a8610d968fc5f017
SHA512

dd9be65bb1bcac3efd8113ac8094ef2df96e7bd8f323d44427838867f9b4f8a259f251890cc444a6a6a1250e3124802b3ce7ed2dee04206cfe7da0c85c021ccc
SSDEEP

3072:ksYckn3Xzq4IDwSK2Mbn/gprBJwJNJsCwQTIfXouPruOOTR3OoJZcYJSrCobB:ksYwjwIGIprBJweGTIDjhOTR3RcQq

Score

10^/10

0 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

Attributes

watermark
0

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1784-1-0x00000000007B0000-0x00000000007FE000-memory.dmp

Files

1784-1-0x00000000007B0000-0x00000000007FE000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ