cobaltstrike | 47e5d5c129ffe551e0a8d7b579eae6425599584a3ce6793bbfeccffe59ab41d6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 17:04

Target

47e5d5c129ffe551e0a8d7b579eae6425599584a3ce6793bbfeccffe59ab41d6.exe
Size

19KB
MD5

026a02bf2f7c23e70baa397dd67d0ab5
SHA1

270cc95ea49341e4402d2bf8826062ac45529bd5
SHA256

47e5d5c129ffe551e0a8d7b579eae6425599584a3ce6793bbfeccffe59ab41d6
SHA512

c65969695b61f75c4d4f19d2ec8d1ff40a8d9c56f82499a846aa9de9eaf5fecb5724fbe025661767d2c939a780be27db607b9f58c6d5f24545f2d4398bd28276
SSDEEP

192:LL0TRvIO8EgmfG4mQx09E03OPs0RTq3gvRFvkYPUMALdvwnnn07TGSqR/nBxvzxc:fcRvgmqJv3LaTvRFvPPQdvi/fb/ydB

Score

10^/10

Family

cobaltstrike

http://119.167.229.212:443/static/skins/js/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko Host: bmw.ccb.com

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\47e5d5c129ffe551e0a8d7b579eae6425599584a3ce6793bbfeccffe59ab41d6.exe
"C:\Users\Admin\AppData\Local\Temp\47e5d5c129ffe551e0a8d7b579eae6425599584a3ce6793bbfeccffe59ab41d6.exe"
1⤵
PID:1944

memory/1944-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1944-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download