cobaltstrike | 1724c65a3fad14a8d36cdee60212f61cf76b8e045f599f17b20fb45ac5eee3fd

Analysis

max time kernel
141s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 13:51

Target

1724c65a3fad14a8d36cdee60212f61cf76b8e045f599f17b20fb45ac5eee3fd.exe
Size

19KB
MD5

7c245bcaf1140deffc5597af00c4bac2
SHA1

92a585d634ff35160a082c9204a7907244387892
SHA256

1724c65a3fad14a8d36cdee60212f61cf76b8e045f599f17b20fb45ac5eee3fd
SHA512

86136f41f840f014743caaffa912ec997b566d252390111c4fcc4b2bd9a045b398b569ed54c9b0b1ae69f3723ccd962cea92ef67f87ee9689393cc43d7a453bb
SSDEEP

192:UV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2bhLQbZWF8qa1Dojjgi:GqaCF31cix+Dc4zjuhUAFF46gi

Score

10^/10

Family

cobaltstrike

http://39.106.36.180:47080/r4Ho

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\1724c65a3fad14a8d36cdee60212f61cf76b8e045f599f17b20fb45ac5eee3fd.exe
"C:\Users\Admin\AppData\Local\Temp\1724c65a3fad14a8d36cdee60212f61cf76b8e045f599f17b20fb45ac5eee3fd.exe"
1⤵
PID:2984

memory/2984-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2984-2-0x0000000000620000-0x0000000000676000-memory.dmp

Filesize
344KB

Download
memory/2984-1-0x0000000003D60000-0x0000000004160000-memory.dmp

Filesize
4.0MB

Download
memory/2984-3-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2984-4-0x0000000000620000-0x0000000000676000-memory.dmp

Filesize
344KB

Download