cobaltstrike | 8650498da4a5bd9f4096976e1634011ef67fcdc0fc3d8e23d149e0d6f3a843bf

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 09:29

Target

8650498da4a5bd9f4096976e1634011ef67fcdc0fc3d8e23d149e0d6f3a843bf.exe
Size

19KB
MD5

d372a5536a1cc0fce6925372b086ad16
SHA1

b32122989768ea5d029013677fcea6cdb8b5886d
SHA256

8650498da4a5bd9f4096976e1634011ef67fcdc0fc3d8e23d149e0d6f3a843bf
SHA512

b4bb38bae32a78baa3d3240255e6e434797bd5d1cd6bb1a290fb23dcfe6bc6c63d2c82c38a33cd005bd22125959cd05ffa1922db79f03c57e69cfda57534f964
SSDEEP

192:PV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2D+hKdzuSgnUWF8qa1Dojjgi:JqaCF31cix+Dc4zji+8dzshFF46gi

Score

10^/10

Family

cobaltstrike

http://172.25.3.38:888/DCrd

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\8650498da4a5bd9f4096976e1634011ef67fcdc0fc3d8e23d149e0d6f3a843bf.exe
"C:\Users\Admin\AppData\Local\Temp\8650498da4a5bd9f4096976e1634011ef67fcdc0fc3d8e23d149e0d6f3a843bf.exe"
1⤵
PID:1100

memory/1100-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1100-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download