cobaltstrike | ec32d192d5b2b04f2941899d14d58c1a70a3da2cae6c7ac6575d7da040434928

Analysis

max time kernel
93s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 21:32

Target

ec32d192d5b2b04f2941899d14d58c1a70a3da2cae6c7ac6575d7da040434928.exe
Size

1.4MB
MD5

88f38fa813f9839b5bb5527d9f66b5c9
SHA1

a95e157860dc31e7fec7b200be9f2a8503a66654
SHA256

ec32d192d5b2b04f2941899d14d58c1a70a3da2cae6c7ac6575d7da040434928
SHA512

e9a7f79383944c12404fc7c2435fd9a695a1a6fab9f62e957473f73a493f3a8afb81e540f57d88087a92aab0477dbd4bc2901a1c23df5adb085c56fda15146e7
SSDEEP

24576:ZTYk0nH+bXtRP87LAi8VIMVuviySnHLIE5Oqs1gN3Sor:ik0HYQeVIQ4iySHLXz3Sor

Score

10^/10

Family

cobaltstrike

http://cstest2.399339.xyz:80/wm2G

Attributes

user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) Host: cstest2.399339.xyz

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\ec32d192d5b2b04f2941899d14d58c1a70a3da2cae6c7ac6575d7da040434928.exe
"C:\Users\Admin\AppData\Local\Temp\ec32d192d5b2b04f2941899d14d58c1a70a3da2cae6c7ac6575d7da040434928.exe"
1⤵
PID:4936

memory/4936-0-0x0000015B683A0000-0x0000015B683A1000-memory.dmp

Filesize
4KB

Download
memory/4936-1-0x0000015B6A0C0000-0x0000015B6A4C0000-memory.dmp

Filesize
4.0MB

Download
memory/4936-2-0x0000015B6A0C0000-0x0000015B6A4C0000-memory.dmp

Filesize
4.0MB

Download