cobaltstrike | f7a048039c82d26be6209fcfa9f822ac5e6de6478301f127bd3bbc022c1ec1df

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 00:13

Target

f7a048039c82d26be6209fcfa9f822ac5e6de6478301f127bd3bbc022c1ec1df.exe
Size

19KB
MD5

e6299defdf4d68356c108450aa912af8
SHA1

ec35c92efa5c19227190ffe5dfeaca28e0998f4b
SHA256

f7a048039c82d26be6209fcfa9f822ac5e6de6478301f127bd3bbc022c1ec1df
SHA512

9912bad471e6f4b83364a16832acad3f0b8dd9f5c884932eca329c561b57ac4b7901ee2518db374dc9bdc847cdb3ecf80d5b47c0a1bbf09ac89de1d76384a929
SSDEEP

192:XV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2ZovesCnWF8qa1Dojjgi:BqaCF31cix+Dc4zjfvewFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.3.50:3322/3tAu

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\f7a048039c82d26be6209fcfa9f822ac5e6de6478301f127bd3bbc022c1ec1df.exe
"C:\Users\Admin\AppData\Local\Temp\f7a048039c82d26be6209fcfa9f822ac5e6de6478301f127bd3bbc022c1ec1df.exe"
1⤵
PID:3068

memory/3068-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/3068-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download