cobaltstrike | 20644ab59d93ff209693d1eb3c40bbb601043ccf148707834e5c1f3f1995487f

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-10-2023 22:53

Target

20644ab59d93ff209693d1eb3c40bbb601043ccf148707834e5c1f3f1995487f.exe
Size

19KB
MD5

677faad1583dcc33c379d29967f19de3
SHA1

1a19f9ffe043357ac8acc00a11ecec147e3c1087
SHA256

20644ab59d93ff209693d1eb3c40bbb601043ccf148707834e5c1f3f1995487f
SHA512

516c92ade235e9912c1aa7154d5b7431320a6d6ad5b1a3a18643217030727e59b581aa532a55409366cbab78f3cbcb2b0bfb4d0e729353afa077bf95db5501d5
SSDEEP

192:PV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/259+CWF8qa1Dojjgi:JqaCF31cix+Dc4zjI+7FF46gi

Score

10^/10

Family

cobaltstrike

http://172.35.75.134:8888/Mes8

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\20644ab59d93ff209693d1eb3c40bbb601043ccf148707834e5c1f3f1995487f.exe
"C:\Users\Admin\AppData\Local\Temp\20644ab59d93ff209693d1eb3c40bbb601043ccf148707834e5c1f3f1995487f.exe"
1⤵
PID:2376

memory/2376-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2376-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download