cobaltstrike | ce305ce2703a55e596bb26c8bfe2d6f4f23c2257528409f5c7277c8dec64cff6

Analysis

max time kernel
147s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 02:53

Target

fe4356083ab3f82cbafb7f2f6de3ef12_JaffaCakes118.exe
Size

7KB
MD5

fe4356083ab3f82cbafb7f2f6de3ef12
SHA1

6c0ec1a2cadd7316a136b3f6e2aa0fe8cb0e7f04
SHA256

ce305ce2703a55e596bb26c8bfe2d6f4f23c2257528409f5c7277c8dec64cff6
SHA512

7bf4b259580a9d5d333260b4df7b08e3fa28f449203542c56d3084024139d39163d648c944e5c5ffb7167e314ca980db53e571807b637ec74589d66103829865
SSDEEP

96:pM7BEFgq7n7cupmaITg0lBlrTj/KXhxu0h2yYxeZlNYj50GiDz9jhS/XAzNto:27BEF7hpmaY1VTDwxJ1Y4l6j50G2uCu

Score

10^/10

Family

cobaltstrike

http://192.168.30.105:80/BwSQ

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAARJS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\fe4356083ab3f82cbafb7f2f6de3ef12_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe4356083ab3f82cbafb7f2f6de3ef12_JaffaCakes118.exe"
1⤵
PID:1540

memory/1540-0-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/1540-1-0x0000000000AE0000-0x0000000000B60000-memory.dmp

Filesize
512KB

Download
memory/1540-2-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/1540-3-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/1540-4-0x0000000000AE0000-0x0000000000B60000-memory.dmp

Filesize
512KB

Download