cobaltstrike | 42b1e58432f887b83838d792dca9a506c20f8da3fc37d30354407ecf4fce83e8

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 12:43

Target

42b1e58432f887b83838d792dca9a506c20f8da3fc37d30354407ecf4fce83e8.exe
Size

19KB
MD5

545fd141bd06c9303d5e3c622a8d7891
SHA1

e36c31c02f1168cd5990fe0f48b0b43943c3feda
SHA256

42b1e58432f887b83838d792dca9a506c20f8da3fc37d30354407ecf4fce83e8
SHA512

05fe0efe1287537b99140fb6a322ea402577022238a3a81398a0d58c0e341cb7367fba44ae0e12ab098315a5c422e8ce2641bde04dd4d775367c0fa65a735900
SSDEEP

192:PV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2Y4GDpRWF8qa1Dojjgi:JqaCF31cix+Dc4zjQxFF46gi

Score

10^/10

Family

cobaltstrike

http://47.109.148.62:80/6hVi

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;PTBR)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\42b1e58432f887b83838d792dca9a506c20f8da3fc37d30354407ecf4fce83e8.exe
"C:\Users\Admin\AppData\Local\Temp\42b1e58432f887b83838d792dca9a506c20f8da3fc37d30354407ecf4fce83e8.exe"
1⤵
PID:2980

memory/2980-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2980-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download