cobaltstrike | 17cca0881d8ce9bbac9cb7fd2efe2fe6c8b1aa0059940facc82697b860e261dd

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 11:33

Target

17cca0881d8ce9bbac9cb7fd2efe2fe6c8b1aa0059940facc82697b860e261dd.exe
Size

19KB
MD5

ba7dfda9b13bbc5ebf3ed3bd72f3e12e
SHA1

faade0f617fc17c60cb0ad62b8067963a0ffbcb1
SHA256

17cca0881d8ce9bbac9cb7fd2efe2fe6c8b1aa0059940facc82697b860e261dd
SHA512

e53d8ebf8856db5af513c3bffeda580fde821307492c6430eff9ab0043521cd8e6c3b49a240a8f515f28246975500ef65dbf67f4ae733493619b46c0c75de9fe
SSDEEP

192:oV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/27uWJwyRWF8qa1Dojjgi:aqaCF31cix+Dc4zjOuBrFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.3.148:8000/Oub7

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUSMSE)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\17cca0881d8ce9bbac9cb7fd2efe2fe6c8b1aa0059940facc82697b860e261dd.exe
"C:\Users\Admin\AppData\Local\Temp\17cca0881d8ce9bbac9cb7fd2efe2fe6c8b1aa0059940facc82697b860e261dd.exe"
1⤵
PID:2856

memory/2856-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2856-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download