cobaltstrike | 1cd0805b2e27783b5427189d43c5962a22c4ca2f8de17c1fc290d7822d8aca64

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 14:01

Target

1cd0805b2e27783b5427189d43c5962a22c4ca2f8de17c1fc290d7822d8aca64.exe
Size

19KB
MD5

540c8cdbac33a97f303b65bff4206b3b
SHA1

22f134262715cf797104c6737f09ad9ed95e92dc
SHA256

1cd0805b2e27783b5427189d43c5962a22c4ca2f8de17c1fc290d7822d8aca64
SHA512

fbafb30a38eb8f94d225fc8b5f6effe623814ee902f5af40a0fdd5c747c08e1817e31a0eeb666b8adad4b833c2323332f22df8155f63fcd8e1da8acb421f7e72
SSDEEP

192:kV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2LvvUkWF8qa1Dojjgi:WqaCF31cix+Dc4zjevvURFF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.112.195:5555/WoSD

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\1cd0805b2e27783b5427189d43c5962a22c4ca2f8de17c1fc290d7822d8aca64.exe
"C:\Users\Admin\AppData\Local\Temp\1cd0805b2e27783b5427189d43c5962a22c4ca2f8de17c1fc290d7822d8aca64.exe"
1⤵
PID:3040

memory/3040-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/3040-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download