cobaltstrike | f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2023 14:09

Target

NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe
Size

19KB
MD5

e7715055ced402cccffcd4cfbf653016
SHA1

fa8caa6bd5b7143cd7bfaec60058c69d0a2df064
SHA256

f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741
SHA512

f9c983c0f4c7d8b92e225d68fbab11fdb527d48ad9e9f6ed42f9adcfcc0d397b074f24f245f249bf294bdf995cd7506acd0127604a4fd694dc9929fdde9a5a80
SSDEEP

192:wV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2PVCdiJWF8qa1Dojjgi:SqaCF31cix+Dc4zje+bFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.4.130:80/1ymF

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.f6c50b717e9436da8c11b00c69c72247908faa135d5a84ced2ac9198f45eb741_JC.exe"
1⤵
PID:4920

memory/4920-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4920-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download