cobaltstrike | 4cee20de03e5d422d8992a596818c2bb5774668039d2b7b8be4628bdca32d2f9

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 13:18

Target

4cee20de03e5d422d8992a596818c2bb5774668039d2b7b8be4628bdca32d2f9.exe
Size

804KB
MD5

00a5bf52a4421a67fe6ae089a300e41d
SHA1

07ae2fd9efa11f2f003426760e531b03d796c6e2
SHA256

4cee20de03e5d422d8992a596818c2bb5774668039d2b7b8be4628bdca32d2f9
SHA512

cad036f7c2ba8182f3d4eae2c47c0292de91d24a55041a878e96d92140971c45f89c272bffbd9de61dcd14fffde93b9aba0395377dc934f00dacf3cec765b81d
SSDEEP

12288:g8cG3qhiCSLo3tdBJVYh1KxCzOWYX3/bPX4KmXVQ1nOfRUE/XnbjSKdm8P8Q:fVLSdab2C6WYDqV8nob+AJ

Score

10^/10

Family

cobaltstrike

http://1.94.113.115:443/jquery-3.3.2.slim.min.js

Attributes

user_agent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000400000-0x000000000111B000-memory.dmp	upx
behavioral1/memory/2104-2-0x0000000000400000-0x000000000111B000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\4cee20de03e5d422d8992a596818c2bb5774668039d2b7b8be4628bdca32d2f9.exe
"C:\Users\Admin\AppData\Local\Temp\4cee20de03e5d422d8992a596818c2bb5774668039d2b7b8be4628bdca32d2f9.exe"
1⤵
PID:2104

memory/2104-0-0x0000000000400000-0x000000000111B000-memory.dmp

Filesize
13.1MB

Download
memory/2104-1-0x0000000029F00000-0x000000002A001000-memory.dmp

Filesize
1.0MB

Download
memory/2104-2-0x0000000000400000-0x000000000111B000-memory.dmp

Filesize
13.1MB

Download