cobaltstrike | 1208-93-0x0000000001E20000-0x0000000001E72000-memory[.]dmp | Triage

Sharing

General

Target

1208-93-0x0000000001E20000-0x0000000001E72000-memory.dmp
Size

328KB
MD5

a57abfc2d811b63ad98618a9d04d9ee9
SHA1

0dd02ba3ebfeed91edc262fa43595ef85ea901f4
SHA256

3378cf4aa22424cab8284474ccbef6d4d9a347b6a441dc68e70edd6f6f45d0b1
SHA512

c2dc690b7e561269d3cd365912fe7cfddf3ebc6973b6c7b434f797e40880d67e004334c5b8113d0c141c0ea6c7660fbdbf7e70167ec2450274e778b06032f143
SSDEEP

3072:RzbINhWl+CIbrqqEVxtfg8jtfDCJS4l9JTFyG+JteEzCnLCuUfFUYJZ6vzHktKoz:RzbUyootfDCvT4ZTXzCLCXUzcrKM

Score

10^/10

cobaltstrike

Malware Config

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1208-93-0x0000000001E20000-0x0000000001E72000-memory.dmp

Files

1208-93-0x0000000001E20000-0x0000000001E72000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ