cobaltstrike | ff66180e102e9c405382cb847578ae31cfc5c62ead106371360fe1c90f0872b6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 21:26

Target

ff66180e102e9c405382cb847578ae31cfc5c62ead106371360fe1c90f0872b6.exe
Size

19KB
MD5

a9e79eaa4ee741452c71c2e303dd7f5b
SHA1

87602852234e7e0e4c31cdb64fd1287fa3474541
SHA256

ff66180e102e9c405382cb847578ae31cfc5c62ead106371360fe1c90f0872b6
SHA512

5851d44355804b37e350773af3565d8da0f9af6271dafa30649e4a4ecec5e4b0ff1df510c32faade19943be1873ff3d72a64e48cdb30686d12adc0d09ec371c6
SSDEEP

192:fV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/2DqvjFnKmqWF8qa1Dojjgi:ZqaCF31cix+Dc4zjOqrh/FF46gi

Score

10^/10

Family

cobaltstrike

http://192.168.238.160:80/cRRV

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAGWJS)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\ff66180e102e9c405382cb847578ae31cfc5c62ead106371360fe1c90f0872b6.exe
"C:\Users\Admin\AppData\Local\Temp\ff66180e102e9c405382cb847578ae31cfc5c62ead106371360fe1c90f0872b6.exe"
1⤵
PID:5040

memory/5040-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/5040-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download