cobaltstrike | a5602a32965b194b49bd46515ce1286feaddb7b0b7daa6e7774622815e8df75e

Analysis

max time kernel
132s
max time network
139s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 02:12

Target

a5602a32965b194b49bd46515ce1286feaddb7b0b7daa6e7774622815e8df75e.exe
Size

15KB
MD5

0ac815c9c2f0d8c5ce1334b2aa2127fd
SHA1

343a97dce9469ffacdc083649b7078481a747827
SHA256

a5602a32965b194b49bd46515ce1286feaddb7b0b7daa6e7774622815e8df75e
SHA512

8512daa540a62d39b91376df8372a7d8500faeb8fa53f1218363bd81fd6bbf8042968f1e0be2471aa9457e688fa1bbac60c41c02dc6c851a53b62ba6fde46af1
SSDEEP

192:s+t64X58uzg6bK0taptFuyqnOlsS1me0PVTzYGBFrP8UKTo0assgAV2aocQ3Q5tp:1XW4bLqFDqn3P1zzl8Uy3

Score

10^/10

Family

cobaltstrike

http://43.143.198.113:4567/AzYI

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; MANM; MANM)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\a5602a32965b194b49bd46515ce1286feaddb7b0b7daa6e7774622815e8df75e.exe
"C:\Users\Admin\AppData\Local\Temp\a5602a32965b194b49bd46515ce1286feaddb7b0b7daa6e7774622815e8df75e.exe"
1⤵
PID:2080

memory/2080-0-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download