cobaltstrike | 84f1e4c2524fea85c43f9df6ac1449c95d2d3ba5bd7cb6bff2f4e1c97dc8cbe1

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 12:20

Target

84f1e4c2524fea85c43f9df6ac1449c95d2d3ba5bd7cb6bff2f4e1c97dc8cbe1.dll
Size

155KB
MD5

2d2145dd72c9ac1400035a86d4228a30
SHA1

7f56cae259a892a33713ce77eca2b767bf39dd78
SHA256

84f1e4c2524fea85c43f9df6ac1449c95d2d3ba5bd7cb6bff2f4e1c97dc8cbe1
SHA512

101925f8d78134a854f6d10e64d2ad5785a41af986207955da8ef519c7e3c09595f86d7edff1a2258cda7f3b621fc527760bf7c44b34f7c1da1d40c33f970f79
SSDEEP

3072:Lh9P3ZJwZUjvIYB2St36SmOe0J/oOsS3mLdMuKYA:lru67B2SYSmj0BmLK

Score

10^/10

Family

cobaltstrike

http://hilaxeten.com:443/files/boxes.png

Attributes

user_agent
Host: vk.com Connection: close User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84f1e4c2524fea85c43f9df6ac1449c95d2d3ba5bd7cb6bff2f4e1c97dc8cbe1.dll,#1
1⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2132,i,4018525042804461719,1997165676266557055,262144 --variations-seed-version /prefetch:8
1⤵
PID:3984

memory/1644-0-0x00007FF4D8430000-0x00007FF4D8431000-memory.dmp

Filesize
4KB

Download