cobaltstrike | 3f4a8d3eb250de0a414e5ad173a5bac56facaf1f4e4d10030131f6da20d5fa64

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 04:17

Target

3f4a8d3eb250de0a414e5ad173a5bac56facaf1f4e4d10030131f6da20d5fa64.exe
Size

19KB
MD5

fe5ac8d46f29927d2cee708cf0294658
SHA1

a6f3a32ed8d40557cd7de7df3f7cf233cd50cdd4
SHA256

3f4a8d3eb250de0a414e5ad173a5bac56facaf1f4e4d10030131f6da20d5fa64
SHA512

9eb48a36aef65f1e60595648d967bcfde24fcb83955790b52006aa5e537507098928afe5823f19832753f52ceaf0eb0642369a071a75446db8d0c26daa3b59ac
SSDEEP

192:lV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2JTsWF8qa1Dojjgi:HqaCF31cix+Dc4zj6TJFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.1.56:99/PJuN

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MANM; MANM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\3f4a8d3eb250de0a414e5ad173a5bac56facaf1f4e4d10030131f6da20d5fa64.exe
"C:\Users\Admin\AppData\Local\Temp\3f4a8d3eb250de0a414e5ad173a5bac56facaf1f4e4d10030131f6da20d5fa64.exe"
1⤵
PID:2176

memory/2176-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2176-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download