cobaltstrike | 799352dd262a34eb25dae93b87c6fc5d7991351c0baa83ccceb2156ed18d6a8d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 17:12

Target

799352dd262a34eb25dae93b87c6fc5d7991351c0baa83ccceb2156ed18d6a8d.exe
Size

17KB
MD5

c7e1d79a678a55dc2facda715e60ec5e
SHA1

03c37a21b90f4d5e42072ed5f26b6df3c35c995a
SHA256

799352dd262a34eb25dae93b87c6fc5d7991351c0baa83ccceb2156ed18d6a8d
SHA512

73329592f29249fe74923b0adaf47c24498c3357732bbb9c038c99bf60664ca26d849525e3bfd7286758b1cd95c5cf96292088f4212461d9e27d757661d3a1f2
SSDEEP

192:0DMAe4Ckj19RZZ6wpSfu1bKcq5uHj7khBDSeKNH46kTn121u/ZBUbOj6kxiY:0DMAoKz6WtKEj7aBDiLL1uBbAY

Score

10^/10

Family

cobaltstrike

http://3.145.83.235:8080/q2Gs

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\799352dd262a34eb25dae93b87c6fc5d7991351c0baa83ccceb2156ed18d6a8d.exe
"C:\Users\Admin\AppData\Local\Temp\799352dd262a34eb25dae93b87c6fc5d7991351c0baa83ccceb2156ed18d6a8d.exe"
1⤵
PID:1724

memory/1724-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1724-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download