cobaltstrike | 287517810a3fd525c1ce1a5e3e9ebbcc86f2f4a13451e792f9acd4e635da7492

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 13:14

Target

287517810a3fd525c1ce1a5e3e9ebbcc86f2f4a13451e792f9acd4e635da7492.dll
Size

296KB
MD5

881d82f5180422e922cbccb8e26e8519
SHA1

ecf6f23daa81a1ef3e6f93d450906fa2c1c80fd8
SHA256

287517810a3fd525c1ce1a5e3e9ebbcc86f2f4a13451e792f9acd4e635da7492
SHA512

b94287df24503011c1d267b9b51f4a271153125146ef0d18d9374b8a66a9a2b4659be18ba9524d1457367b9fb0ee4c73f68668e8f39fb5fc72434c6a90c3745c
SSDEEP

6144:cIuNKwVCvc+2otsOCrvO549dFTXJWko0gasabGgCRilo1RKNe:zaqmHXrndFT2asabGgCVKNe

Score

10^/10

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\287517810a3fd525c1ce1a5e3e9ebbcc86f2f4a13451e792f9acd4e635da7492.dll,#1
1⤵
PID:3396

memory/3396-0-0x00007FFC92930000-0x00007FFC92B25000-memory.dmp

Filesize
2.0MB

Download
memory/3396-1-0x00007FFC83EC0000-0x00007FFC83F0F000-memory.dmp

Filesize
316KB

Download
memory/3396-2-0x00007FFC732E0000-0x00007FFC7336D000-memory.dmp

Filesize
564KB

Download
memory/3396-3-0x000001DC35060000-0x000001DC35062000-memory.dmp

Filesize
8KB

Download
memory/3396-4-0x00007FFC732E0000-0x00007FFC7336D000-memory.dmp

Filesize
564KB

Download
memory/3396-7-0x00007FFC732E0000-0x00007FFC7336D000-memory.dmp

Filesize
564KB

Download
memory/3396-11-0x00007FFC732E0000-0x00007FFC7336D000-memory.dmp

Filesize
564KB

Download
memory/3396-15-0x00007FFC732E0000-0x00007FFC7336D000-memory.dmp

Filesize
564KB

Download