cobaltstrike | d7c9089b5bdc59c4478cd081ccda8b4b2b2d018d836fa95dae39b8e7456fae7f | Triage

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
10-09-2023 09:11

Sharing

Report Analysis Logs

General

Target

6.exe
Size

1.8MB
MD5

164d9e2f7c9678befdea0d7691a121c4
SHA1

0b26377b3c9f67ca0e4a9ec8126faa24a67616ff
SHA256

c8e6e1b5ee8bc766818d179fecf529b179d4bb488bf9cb11fea6c004fc3c2842
SHA512

73d21a28d0877bf2d046270e8eb9702f801baa879a30015049be833445d7f961c729e1299fa728e60cbffb0c3d4d7d6d72a81bbc7e31f3de98e99972ba9d9e6b
SSDEEP

24576:Q+OrBnEQvhduAxa59cRKCX8bxCF9n72v03mHsX/Ox5fR:crBLvaEn5iv0QfR

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

6.exe

pid process

2352 6.exe
2352 6.exe
2352 6.exe
2352 6.exe

C:\Users\Admin\AppData\Local\Temp\6.exe
"C:\Users\Admin\AppData\Local\Temp\6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2352-0-0x000001F067230000-0x000001F067271000-memory.dmp

Filesize
260KB

Download
memory/2352-1-0x000001F0673C0000-0x000001F06740F000-memory.dmp

Filesize
316KB

Download
memory/2352-2-0x000001F067230000-0x000001F067271000-memory.dmp

Filesize
260KB

Download
memory/2352-3-0x000001F0673C0000-0x000001F06740F000-memory.dmp

Filesize
316KB

Download