cobaltstrike | 27f59ac9d5865366ba16786f728125fa9426bd58a1a06a79388da987d7844de4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 10:17

Target

27f59ac9d5865366ba16786f728125fa9426bd58a1a06a79388da987d7844de4.exe
Size

19KB
MD5

879b8dd400a530ee29b5440860240c2b
SHA1

b91c4f0ec025b8878db88a10e73455b8c83ed4ff
SHA256

27f59ac9d5865366ba16786f728125fa9426bd58a1a06a79388da987d7844de4
SHA512

e769ed7092561bc5034c421999ce4d226672f9c380ade877f5d91776ca1081cecb79829d3f2482753705b3eddffb8847a7243663e61d4d37d14cc5c944988496
SSDEEP

192:GV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2ODYNiiWF8qa1Dojjgi:gqaCF31cix+Dc4zjy6FF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.63.128:80/4aPx

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MDDRJS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\27f59ac9d5865366ba16786f728125fa9426bd58a1a06a79388da987d7844de4.exe
"C:\Users\Admin\AppData\Local\Temp\27f59ac9d5865366ba16786f728125fa9426bd58a1a06a79388da987d7844de4.exe"
1⤵
PID:4772

memory/4772-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/4772-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download