cobaltstrike | d5343832345f663a28d669c297abc2503062e15a18feb827d2c953736d1a3dc8

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-05-2024 22:17

Target

d5343832345f663a28d669c297abc2503062e15a18feb827d2c953736d1a3dc8.exe
Size

19KB
MD5

cb600266adfbff6508450e0b80a503cd
SHA1

e3df1e9898b5b8d7b1cf009a381ab8c0fa6498c8
SHA256

d5343832345f663a28d669c297abc2503062e15a18feb827d2c953736d1a3dc8
SHA512

336dea4f73beca73f82e0bcafa568690768ff04b4d2e2f7a1387dc12e9d7e9c3a6c40aaa4f63c7d3a37dc435e694450dff5fd9429e462b2b461245220739e6b6
SSDEEP

192:oV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/24ZTqAdWF8qa1Dojjgi:aqaCF31cix+Dc4zjXZFQFF46gi

Score

10^/10

Family

cobaltstrike

http://172.16.182.134:80/Ufi9

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; BOIE9;ENUS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\d5343832345f663a28d669c297abc2503062e15a18feb827d2c953736d1a3dc8.exe
"C:\Users\Admin\AppData\Local\Temp\d5343832345f663a28d669c297abc2503062e15a18feb827d2c953736d1a3dc8.exe"
1⤵
PID:2148

memory/2148-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2148-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download