cobaltstrike | d0870446ef07af5dffc825f7b441a71409a948beb537005617ade471ad00f17b

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 21:59

Target

5751cb791ac2f5ae400f789d361fc8f0_NeikiAnalytics.exe
Size

1.3MB
MD5

5751cb791ac2f5ae400f789d361fc8f0
SHA1

57fa8ec992e267f65389679df9dbf246aab60330
SHA256

d0870446ef07af5dffc825f7b441a71409a948beb537005617ade471ad00f17b
SHA512

9cbfc3018e5bbf5323c9617159d1be0da741b99c05f6e341eefc604e46ceb6d761bab58947a33815d23a7831c8018e8915716228c2d144bdacc08e171ba10318
SSDEEP

12288:xC91aDapbi0xtnZ0jDCinG9sLd5oF/eYPn/TmHuJf0QXEmz4:8GOpbi0zZCeinGo5oFGe/KuJ9

Score

10^/10

Family

cobaltstrike

http://service-hzdzk12c-1318485841.gz.apigw.tencentcs.com:443/make/disclosure/8FSMVPUB2ZA

Attributes

user_agent
Accept: text/html, image/*, application/xml Accept-Language: sk Accept-Encoding: identity, br User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\5751cb791ac2f5ae400f789d361fc8f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5751cb791ac2f5ae400f789d361fc8f0_NeikiAnalytics.exe"
1⤵
PID:3012

memory/3012-0-0x00007FF78E540000-0x00007FF78E69E000-memory.dmp

Filesize
1.4MB

Download
memory/3012-1-0x00007FF78E540000-0x00007FF78E69E000-memory.dmp

Filesize
1.4MB

Download
memory/3012-2-0x000001608E0B0000-0x000001608E0B2000-memory.dmp

Filesize
8KB

Download
memory/3012-4-0x00007FF78E540000-0x00007FF78E69E000-memory.dmp

Filesize
1.4MB

Download