cobaltstrike | 89ca6a12dd9e65ff66e84e8295eccd5182a91f64dbf3bb444270840f1eea6367

Analysis

max time kernel
148s
max time network
158s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 21:29

Target

89ca6a12dd9e65ff66e84e8295eccd5182a91f64dbf3bb444270840f1eea6367.exe
Size

19KB
MD5

aabcae3c582f849e038c120bf92a7584
SHA1

e2a9f8119c755eb7371a62bb0ce151e8281a3fce
SHA256

89ca6a12dd9e65ff66e84e8295eccd5182a91f64dbf3bb444270840f1eea6367
SHA512

7e1adefac02a8d8f1598b9a8f5b98ea05cf4227e0711843b5e0c63f0aa21a2f4c29dee853963e0fca9243cce2460377038fa82531030abf7820e5e690970eae1
SSDEEP

192:xV7qaCF6Op1t2dobVXujRDcBaXWQjwOT/23VqhZ0WF8qa1Dojjgi:DqaCF31cix+Dc4zjcVaHFF46gi

Score

10^/10

Family

cobaltstrike

http://114.132.88.143:11443/k5Pm

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0)

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\89ca6a12dd9e65ff66e84e8295eccd5182a91f64dbf3bb444270840f1eea6367.exe
"C:\Users\Admin\AppData\Local\Temp\89ca6a12dd9e65ff66e84e8295eccd5182a91f64dbf3bb444270840f1eea6367.exe"
1⤵
PID:1760

memory/1760-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1760-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download